Solved

How to report a Malicious URL without having WSA installed

  • 28 February 2013
  • 38 replies

Userlevel 4
How do I report a malicious URL without having WSA installed? I had to uninstall WSA due to incompatibility. I have a phishing URL using Social Engineering. It's a fake FB login screen that was sent to me. Someone on my friend list sent me an email saying I wouldn't believe who got video taped going to the bathroom lol. Once you click on this link it takes you to the fake FB login page. Some of my friends have already fallen victim to this. It looks really convincing to the untrained user. It looks just like the real FB login screen.

Best answer by JimM 28 February 2013, 19:07


Userlevel 4
Yes, I contacted them. I was doing some testing on this machine for them. I no longer have a BSOD with WSA, and SD using the latest version of SD. The only problem is now I can't boot at all if the two are installed. I installed the latest version of WSA two days ago, and I was unable to boot after that. I rolled my machine back using a recent backup image I made. I'm not saying the problem is with Webroot at all.
Userlevel 7
Regarding the conflict, it was determined back in October that Shadow Defender was the cause of the BSOD after our lead developer took a look at the crash data. It was suggested to follow up with Shadow Defender. I see Shadow Defender has started releasing updates again. Have you contacted them?
Userlevel 4
Eset is already blocking the page now. That was fast! Wish I could install WSA on this machine to see it in action :(  It won't work with this machine though, and Webroot has already addressed that issue. I use Shadow Defender, and those two will not work together on this Laptop. On other machines they will play well together, but not this one.
Userlevel 4
Someone finally answered my post at Wilders, but it was not Eset staff. It's difficult to get them to answer anything these days. I'm glad the support is outstanding here! I just reported it to Eset as a phishing site.
Userlevel 4
Here is a screen shot of Bright Cloud results 

*Image revoked due to visible address of likely phishing site.  Please do not post links or images of links to potential threat sites. Thanks, 🙂 - admin
Userlevel 4
I looked under options for a button to edit post.. That option was not there last night or a moment ago. I disabled ABP, and Ghostery plugins. Now the edit post option is there. I suspect one of them was interfering with page functionality.
Userlevel 4
I just sent the new URL by the updated support ticket.
Userlevel 7
TH and I had quite a chat about it last night. It appears to be an attempt to steal Facebook login information. Chrome browser blocked it for me. I think, but am not sure, that it uses an app hosted on the site but is by a 3rd party.

It is actually pretty well done and could easily fool unwary users.
Userlevel 7
If you click "options" at the top right of your post, you'll have an "edit reply" option.
Userlevel 4
Ok, I will update the support case now.
Userlevel 4
Also if I'm already logged into Facebook the page shows me not to be logged in, and wants my login ID, and password.
 
Btw.. I don't see an option to edit a post. Where's the button at to edit a post?
 
Userlevel 7
Please update your support case with this information and we'll take another look. The information in the case is that the link was inactive when we last attempted to check it.
Userlevel 4
Hmm.. the link is working again, and I checked it with Brightcloud. It says it is suspicious. The only buttons that work on the page are where you enter your ID, and password. The IP address of the host server is different than that of Facebook. The original URL I sent Tripple Helix last night redirected you to the page. After I sent it to him last night I noticed the redirect page was no longer working. Now it's working again. The first part of the URL begins app.facebook.........  I was wondering if this was some mobile version, but that redirects you to the URL I believe to be malicious.
Userlevel 7
Thanks Jim! That is good to know about the alternate method for the Mobile versions! (Bookmarked)
Userlevel 7
It looks like the support case was resolved in about an hour and a half via the support system.  Just as a point of clarification - the support system looks like one long conversation rather than individual "tickets."  However, your prior case was already resolved, so there was no confusion generated by discussing a new issue.  In fact, that's normal.  :)

For URL reputation change requests in WSA or WSA-Business Endpoint Protection, the support system is the best channel to reach out to us to have the reputation changed.

For URL reputation change requests in WSA-Mobile or WSA-Web Security Service, the support system is still a good choice, but you could alternatively look up the site via BrightCloud and use the change request link on the left side of the results page.
Userlevel 7
@cuttingedgetech wrote:
I mean pages using exploits to deliver their payload. I don't see an option for editing post. Humm..
Check for another PM but we will leave it up to the support team to deal with it!
 
Thanks,
 
Daniel
Userlevel 4
I don't see an option for reporting links on FB anymore. I had a long day at work today. I'm beat. Everyone have a good night or day depending on where you are!
Userlevel 6
Well then, since it's a FB knockoff, maybe you want to get the FB spoofing email address and report it to them.
 
Incidentally, is it possible your email list has been hacked?
Userlevel 4
I mean pages using exploits to deliver their payload. I don't see an option for editing post. Humm..
Userlevel 7
I checked a few places and it comes back clean? I have sent you a PM!
 
Daniel
Userlevel 4
No problem Tripple Helix! I can't wait to get my test machines back so I can start finding some Malware samples, and pages with exploits to report.
Userlevel 4
I don't have an infection. I'm just reporting a phishing site.
Userlevel 6
Cuttingedgetech, have you tried running a good malware program to clear things up?  MBAM?  SAS?  Both?  They are both freeware, so it may be worth a shot!
Userlevel 7
Thanks as it's not being detected by the Web Threat Shield so thanks for submitting to support! ;)
 
Daniel
Userlevel 4
Ok, I just sent it to you. I was going to send it to Eset too, but they never replied to my post at Wilders so I guess Webroot will have the privilege of detecting it first lol