08-05-2008 04:58 AM
I am not sure what credentials or information your software uses as a basis to identify phishing sites, but it appears, from reading this forum whatever formula, credentials, or algorithms you use, you have a major flaw in your phishing detection system. As indicated from other posts on this forum your software incorrectly identifies some safe sites as phishing sites. This is not only bad for the site that is safe and you report as a phishing site, this is bad for your company too. It reflects poorly on your software.
This morning two people who use your software reported to us that they are getting phishing warnings on our site at http://notoverthehill.com/ . It certainly is not a phishing site, nor could it be. There is absolutely no financial information collected on this site, there is nothing sold on this site, there are no viruses, Trojans, worms or other malicious activity on this site - there isn't even any software offered for download from this site, yet your software is giving users a false "phishing warning" when they visit this site.
This is not only detrimental to our site but to your software since your software isn't able to differentiate between a real phishing site and a safe site.
We have told our users that they must be cautious about depending on a security program that produces false-positives as it might also mean that it isn't detecting real threats either. One thing for sure, your software is flawed and needs to be fixed immediately.
Reporting false positives when users are visiting a safe site like http://notoverthehill.com/ isn't good our site and it really looks bad for your software.
Cloudeight Internet LLC
08-05-2008 05:53 AM
OK,I went to http://notoverthehill.com/ and notiing happens.
OS=Vista SP1 all updates
Browser 1=IE7 with antiphishing (NIS 2008 v15.5...)
Browser 2=Opera 9.51 with antiphishing option on (not monitored by Norton,not supported browser)
Location= Macedonia (Europe)
ISP= Macedonian Telecomunications www.t-home.mk
08-05-2008 06:46 AM - edited 08-05-2008 06:48 AM
I clicked the link, and it was not caught by the phishing filter at the time I clicked it. I also submitted the link for you to the Security Response Team using the following link.
False Positives - https://submit.symantec.com/antifraud/false_positi
You might also want to read this post, for an explaination of how the system works. The site was not specifically targeted, but rather scored base on the way it was designed by it's programmers.
08-05-2008 08:13 AM
I am one of the two people that have been getting phishing warnings at http://notoverthehill.com/ . This started when I went to view my page at http://notoverthehill.com/mouse/ at approximately 1:45 a.m. . Of course you might not be able to view it as a guest without knowing my password. Then as I started trying to view other parts of the site, the phishing filter started warning me even more. I've never had a problem with my Norton's antivirus program before this morning. I disconnected from the site and ran LiveUpdate and then did a scan on my computer. The only thing that popped up security-wise was something about a temporary cookie. Now while we're on that subject, why is my antivirus program even alerting me about cookies? So at this point, I've turned the Phishing Filter off and will only turn it on when I'm not on the NotOverTheHill site. When you get it fixed, please let me know. Thanks!
08-05-2008 08:25 AM - edited 08-05-2008 08:26 AM
I've visited your site several times consecutively after reading this post. Sometimes it got blocked as phishing, other times it didn't.
Is it possible that one of the revolving adverts on there is being mistakingly flagged as phishing, or is indeed malicious rather than your site itself.
Edit: I think this is the case, just visited it again, and the URL that is blocked as phishing is:
http://cubics.com/displayAd.aspx?pid=X (Removed this for obvious reasons).
08-05-2008 11:23 AM
Hello I am a representative of Cubics.com (the site indicated in the comment below). We operate an ad network for Social Networking application developers.
We've just become aware of this issue and I've already submitted the false positive information. But I still have some questions:
Cubics.com serves thousands of ads every second and hand-reviews every ad that goes into our system. The block is happening on our publisher's pages which are typically running on Facebook. So this makes lots of very legitimate people look bad (us, the publisher and Facebook)
This is a very big deal to us, so we need to know what's going to happen.
Who can we contact directly?
08-05-2008 11:54 AM
- What type of turn-around time can we expect?
- Will I be notified when our site has been removed?
- Can I speak to someone directly? (the submission included my phone number)
1) It should be a fairly quick turnaround, depending on the number of submissions at the time.
2) You will be notified of the results by email, to the address you used for submission.
3) If the results of the analysis are not satisfactory to you, there are further instructions to contact our Technical Support team. However, you can also send me a Private Message through these boards with your contact information.
I would recommend submitting all possible URLs that are being detected as phishing sites. We want to ensure we have as much information as possible regarding the problem so we can resolve it quickly. Thanks!
08-05-2008 11:59 AM
08-05-2008 02:38 PM
08-06-2008 06:15 AM