1 2 3 Previous Next 23 Replies Latest reply on Sep 25, 2012 4:37 PM by blb014

    Google searches coming up as Malicious?

    ittech

      Recently upgraded to 7.2.0.2

       

      I have a user who is doing searches and being redirected and blocked. When doing a search for "web filtering software" on google the first result after the ads is http://www1.k9webprotection.com. Upon clicking on the link he gets block like so:

      image001.png

      First, I don't know why he's veing redirected to google ads when it's not an ad link. Second, when is google ads Malicious? Third, Malicious and Minimal Risk? Somethings not right here.

       

      Using the internal check URL (thanks e²!) I get the same result:

      image003.png

      For the grand finale Trusted Source shows no category:

      image002.png

      Where's the disconnect?

       

      TIA

        • 1. Re: Google searches coming up as Malicious?
          ittech

          Today when I try to go to http://www.k9webprotection.com/ the site times out. Was it the site this whole time?

          • 2. Re: Google searches coming up as Malicious?
            shaneg

            Take a look and ensure that you are not being redirected to an SSL version of Google - it appears that when my users are not 'properly' authenticated and they try to hit Google (and its the httpS) it chokes on me as well.

            • 3. Re: Google searches coming up as Malicious?
              ittech

              No, it's not HTTPS as far as I can tell. The original block screen shows HTTP. That's a good thought though, I'll keep it in mind and double check on the user's side.

              • 4. Re: Google searches coming up as Malicious?
                asabban

                Hello,

                 

                can you replicate the problem at the moment? Do you have some lines of access.log that show it?

                 

                Best,

                Andre

                • 5. Re: Google searches coming up as Malicious?
                  ittech

                  Can't currently replicate

                   

                  Also, don't have the access.logs anymore. Would a detailed web report help? Or can they be recovered from the Web Reporter?

                  • 6. Re: Google searches coming up as Malicious?
                    trishoar

                    I see this fairly often with a lot of different sites though Goggle is a fairly common culprit.

                     

                    The site it's self it known to be minimal risk, however that server, or URI may have had something on it that McAfee have classed as Malicious. From what I can tell, this is an automated process by Trusted Source. The incidents of this are normally transient, though when I do see it, I always report the link to Trusted Source and it is quickly resolved.

                     

                    BTW, the block pages have some potentially sensitive internal details of your network, such as the users User ID, and the departments they work for. you might want to remove it.

                     

                    Tris

                    • 7. Re: Google searches coming up as Malicious?
                      asabban

                      Hi Tris,

                       

                      thanks for the insight. I can confirm that from time to time I have seen reports about something being blocked, whille a few moments later the issue did not show up again. I am very interested in catching examples of "known good websites" being rated as malicious, but it is very rare that I get an example I can replicate (thats why I asked if you can replicate it).

                       

                      Basically we do not only categorize the URL, but also Paths or Parameters can influence the result. Additionall Category and Reputation are independent from each other, so it could happen that a specific piece of the URL leads to a malicious rating, while the overall reputation of the domain is still good.

                       

                      We have around 20 URL filter updates a day and usually such issues are resolved very quickly. I personally would ask the user to check if the issue persists. If it does we should replicate the problem and find out what causes the block. If the issue is gone most likely a URL filter database update has resolved the issue magically. It would require the URL and the exact URL filter database version to replicate the problem.

                       

                      Best,

                      Andre

                      • 8. Re: Google searches coming up as Malicious?
                        ittech

                        @tris - I thought about reporting it to Trusted Source, but since I couldn't replicate it on a different PC today I figured I should wait. Thanks for the sensitive info heads up, too! I usually do my best to edit , but I must've been in a rush; I don't see a way to edit my post though

                         

                        @andre - I've asked the user to be on the lookout and try it on his free time. The strangest thing was yesterday afternoon (of course this happened at 4:50pm!) that as I watched this happen, I asked the user to try out Bing. So, we searched Bing for web filtering software and found the K9 listing in the results. When he clicked on the link we got the same googleads/malicious sites block page! I still can't figure that one out.

                        • 9. Re: Google searches coming up as Malicious?
                          btlyric

                          Sounds like a browser hijack.

                           

                          The URL that it's referring to is googleads.l.doubleeclick.net rather than doubleclick.net. doubleeclick.net is a malicious domain.

                           

                          There's some discussion here:

                           

                          http://productforums.google.com/forum/#!topic/websearch/DexO-rADIjs

                           

                          and here:

                           

                          http://www.reddit.com/r/techsupport/comments/yr6v7/new_google_redirect_virus/

                          1 of 1 people found this helpful
                          1 2 3 Previous Next