I’ve gotten this message from Malwarebytes quite a lot these few days. Is this just a false positive?

  • downpunxx@lemmy.world
    link
    fedilink
    arrow-up
    13
    ·
    1 year ago

    Keep getting false positives on AVG from lemmy.world communities pages for derp.foo

    When people name their web assets the same as known viruses, hacks, and malware, because they think it’s just the funniest thingever, this shit is going to continue to happen.

    Your antivirus is working perfectly, and doing exactly what is should be doing.

  • Anony Moose@lemmy.ca
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    VirusTotal doesn’t show any infections for that url.

    I’ve seen a few false positives with BitDefender for random Lemmy instances too. It might be the heuristics being triggered by the random URL names, but it’s also possible there were random exploits like the XSS vulnerability that were caught by some antivirus apps. Considering Lemmy is still a juicy target for bad actors, some precaution is probably warranted.

    In general I’d look closely at the specific detection to make sure it’s not flagging a suspicious JS file, etc.

    • MrPoopyButthole@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Because the site is behind a login, you would have to upload the JS files individually to virustotal. However, there are no trojans that can affect you from visiting a website. Browsers have sanboxing to prevent that. What web threats usually do is steal keystrokes, serve ads, phish banking sites etc. To get infected by a trojan you would have to download a file and execute it.

        • MrPoopyButthole@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Yeah you’re right. But browser zero days are usually targeted attacks not casting a large net like the usual web threat. Thanks for the link, it was interesting to learn some more techniques that are used in developing those. In this case the threat detected was Go based ransomware.

    • Anony Moose@lemmy.ca
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      The Trojan mention is worrying, though. Does it provide any more details about what it’s flagging?

  • zazaserty@discuss.tchncs.de
    link
    fedilink
    arrow-up
    1
    arrow-down
    8
    ·
    1 year ago

    Malwarebytes kinda sucks anyway. That aside, it is weird that you get such warning. I doubt it’s not a false positive.

    • Ab_intra@lemmy.worldOP
      link
      fedilink
      arrow-up
      8
      ·
      edit-2
      1 year ago

      Can you give me a good reason why Malwarebytes sucks? Because it’s widely used. I’ve been using it for 10+ years at this point. Bought it when you got it for lifetime ;)

      Just saying that it sucks don’t give me a single reason to believe you.

      • zazaserty@discuss.tchncs.de
        link
        fedilink
        arrow-up
        4
        arrow-down
        2
        ·
        1 year ago

        I apologize, I didn’t word my opinion in the best way. I could debate about the quality of this product with you, and I think it could be quite enjoyable for both of us. However, this is not the point here.

        As I was saying. I doubt MalwareBytes is in the right here. It probably made a mistake. In all fairness, I have used that specific instance before and had no issues. That being said, I don’t use that antivirus or windows so… who knows. I personally trust the instance and its owner, and have had no notice about issues like this ever. So if I were you, I wouldn’t worry. Watch out for other warnings and be alert. That’s all.

        • Ab_intra@lemmy.worldOP
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          1 year ago

          No worries. Cool of you to admit that the way you wrote it came out wrong, I do it all the time so no worries. I really appreciate people thinking twice before or even after posting.

          And I’m also pretty sure it’s a false positive but as @downpunxx points out it might be because of how they name their instance…