imranceh / browsersec

Automatically exported from code.google.com/p/browsersec
0 stars 0 forks source link

web_misc_urls.html gets picked up by Symantec AntiVirus #2

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Bloodhound.Exploit.6 is found.

http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2004-03
1218-0648-99

If this is intentional... it should probably be mentioned.

Original issue reported on code.google.com by spaceyra...@gmail.com on 11 Dec 2008 at 4:43

GoogleCodeExporter commented 9 years ago
From virustotal.com
File web_misc_urls.html received on 12.11.2008 18:48:23 (CET)
Result: 13/38 (34.22%)

Antivirus       Version     Last Update     Result
AhnLab-V3       2008.12.12.0    2008.12.11  -
AntiVir         7.9.0.43    2008.12.11  HTML/Exploit.Mhtml
Authentium      5.1.0.4     2008.12.11  -
Avast           4.8.1281.0  2008.12.10  -
AVG         8.0.0.199   2008.12.11  -
BitDefender     7.2     2008.12.11  Generic.XPL.MhtRedir.59CF5627
CAT-QuickHeal       10.00       2008.12.11  -
ClamAV          0.94.1      2008.12.11  Exploit.HTML.MHTRedir-8
Comodo          733     2008.12.11  -
DrWeb           4.44.0.09170    2008.12.11  -
eSafe           7.0.17.0    2008.12.11  -
eTrust-Vet      31.6.6256   2008.12.11  -
Ewido           4.0     2008.12.11  -
F-Prot          4.4.4.56    2008.12.11  -
F-Secure        8.0.14332.0 2008.12.11  HTML/Exploit!Mht.A
Fortinet        3.117.0.0   2008.12.11  -
GData           19      2008.12.11  Generic.XPL.MhtRedir.59CF5627
Ikarus          T3.1.1.45.0 2008.12.11  -
K7AntiVirus     7.10.551    2008.12.11  -
Kaspersky       7.0.0.125   2008.12.11  -
McAfee          5460        2008.12.10  Exploit-MhtRedir.gen
McAfee+Artemis      5460        2008.12.10  Exploit-MhtRedir.gen
Microsoft       1.4205      2008.12.10  Exploit:HTML/MhtRedir.C!MS04-025
NOD32           3684        2008.12.11  -
Norman          5.80.02     2008.12.11  HTML/Exploit!Mht.A
Panda           9.0.0.4     2008.12.11  Exploit/MIE.CHM
PCTools         4.4.2.0     2008.12.11  -
Prevx1          V2      2008.12.11  -
Rising          21.07.32.00 2008.12.11  -
SecureWeb-Gateway   6.7.6       2008.12.11  Script.Exploit.Mhtml
Sophos          4.36.0      2008.12.11  -
Sunbelt         3.2.1801.2  2008.12.11  -
Symantec        10      2008.12.11  Bloodhound.Exploit.6
TheHacker       6.3.1.2.183 2008.12.11  -
TrendMicro      8.700.0.1004    2008.12.11  Possible_MHT
VBA32           3.12.8.10   2008.12.11  -
ViRobot         2008.12.11.1513 2008.12.11  -
VirusBuster     4.5.11.0    2008.12.11  -
Additional information
File size: 1378 bytes
MD5...: 6932e249702da9a408eda1c9ba40e3f9
SHA1..: e4cc91db9c568dcd98db2ae6a5eb84c80a75f735
SHA256: aa28186792ca64155fa20371364d13e34f9032714162cf8b757a50651172dd80
SHA512: 4aab8c8a058f5961bb9f6200ea85025cc3c017c6face4ed337b89df8e12d4131
b3564a2ff8b3e3a59443ece201179a7728bbb3415efed5277e596d6d179bb0c8
ssdeep: 24:SCQKPK622VGhUDpNim/ck2tk2PK62W62jR0r7GvlHRUjxV:SCQkK67PDpMm/J
rMK6/6POE
PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -

Original comment by JustinCa...@gmail.com on 11 Dec 2008 at 6:02

GoogleCodeExporter commented 9 years ago
It is not intentional; it is also a false positive due to a sloppy AV 
signature, see
here:

http://code.google.com/p/browsersec/issues/detail?id=1

Original comment by lcam...@gmail.com on 11 Dec 2008 at 6:46