Hi! All,
I have contacted the Weatherbug program manufacturer and they have begun an investigation into this issue; it will probably take some time for them complete their investigation so please be patient. Also of note I have yet to see the official sites IP Address listed here; which I will not list myself as it may lead to a DOS attack on that address.
Tech83 :)
Tywin7 wrote:I'm not quite sure whether the file is safe or not. You can upload the setup file to virus total (www.virustotal.com) to see what other AV company says. I only know that the windows gadget is safe but can't gurantee the safety of the desktop tool.
VirusTotal WeatherBugSetup.msi
Jotti Malware Scan WeatherBugSetup.msi
my test download/install ~ WeatherBug page requesting user info prompts Block
Symantec submission has yet to reply.
Submission Summary
We have processed your submission (Tracking #18358836) and your submission
is now closed. The following is a report of our findings for the files in
your submission:
File: WeatherBugSetup.msi
Machine: Machine
Determination: Please see the developer notes.
---------------------------------------------------------------------------
Customer Notes
---------------------------------------------------------------------------
High - Intrusion Attempt - Blocked - NoAction HTTP Fragus Toolkit Request 1
---------------------------------------------------------------------------
Developer Notes
---------------------------------------------------------------------------
WeatherBugSetup.msi is a container file e.g. archive, email OLE.
---------------------------------------------------------------------------
This message was generated by Symantec Security Response automation.
Should you have any questions about your submission, please contact our
regional technical support from the Symantec Web site, and give them the
tracking number included in this message.
Symantec Technical Support
http://www.symantec.com/techsupp/
Norton Safe Search
HTTP Fragus Toolkit Download Activity
Hello
Does this problem only pertain to when you are trying to download the program and install it? If you are a current user of the program for many years, is there any danger? Thanks.
floplot wrote:Hello
Does this problem only pertain to when you are trying to download the program and install it?
The MSI download scans clean. The MSI install triggers Block on my system.
Download Insight
Reputation Level Good
Origin
http://wdownload.weatherbug.com/7.0.0/Installer/7.0.0.7/Offer/WeatherBugSetup.msi
Downloaded File from: weatherbug.com
File Insight
Desktop\WeatherBugSetup.msi
____________________________
____________________________
Signature:
Not Available
Identified:
Not Available
Last Used:
Not Available
Start-up Item:
No
Version Number:
Not Available
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
Unproven
There is not enough information about this file to recommend it.
____________________________
Origin
http://wdownload.weatherbug.com/7.0.0/Installer/7.0.0.7/Offer/WeatherBugSetup.msi
Downloaded File from: weatherbug.com
____________________________
File Thumbprint - SHA:
Not Available
____________________________
File Thumbprint - MD5:
Not Available
____________________________
If you are a current user of the program for many years, is there any danger? Thanks.
Yep, I posed the same question here
Based upon this Topic and this Topic
Based uponHTTP Fragus Toolkit Download Activity
Fragus Exploit Kit Changes the Business Model
Weatherbug and Fragus Toolkit Request 1 question
I stopped my test MSI install at > High Severity - An Intrusion Attempt by BJM-PC was Blocked.
Is there any danger. If it walks like a Duck and squawks like a Duck ...
Wait on info from Tech83 or Caveat emptor.
As a long time user is Norton popping any warnings at ya'
At least I can get a laugh as people can test the installer all they like, and go nowhere, as remember one user had the detection not to do with weatherbug's connections but with BBC and another on a personal free forum, and one that redirects to http://safeweb.norton.com/report/show?name=bbdeals33.com
3 at least link to http://safeweb.norton.com/report/show?url=inesne.com
1 to http://safeweb.norton.com/report/show?name=strgdfdsg.co.cc
Quads
Enjoy yourself ... 
Hello
I have weather bug plus version now and it's not the version you have been mentioning nor did I get it at the link you provided or was provided in this thread. Mine isn't the free version if that is the one referenced. I got mine either from a weatherbug employee or from the weatherbug store. The link for it may be different outside the USA also since the program originated in the US before it was even available outside the US. My Norton program hasn't complained about my program. I have the desktop version,
floplot wrote:Hello
I have weather bug plus version [...]
Does the plus version have ads.
quote > Weatherbug and Fragus
Perhaps Weatherbug's ads point to links that are malicious and re-direct to a Fragus exploit attempt.
Until Tech83 reports back or Quads chooses to bend his rules.
As a subscriber to plus...Don't you have access to WeatherBug Plus Support ?
WeatherBug Plus SupportBelow are answers to common questions about the current version of the WeatherBug Plus desktop application. If you do not see your question here, please fill out a Support Request Form or visit the WeatherBug Forums.
Hi! All,
Just an update to let you know I have not forgotten about the issue being discussed. The Weatherbug Team is still investigating the problem; I will let you know when the results are in. :)
Tech83 :)
@ Topic
I just realized thanks to Quads that my humorous install attempt redirects to Safe Web Warning
NIS offers the info. I just have to read it.
Thanks Quads !
Hello bjm_
The plus version of weather bug does not have any ads which is why I pay for the program to eliminate the ads. Sure, I have access for support and I have been in the Forum and have posted there also. I have no complaints about the program so I have no need for the support. Any problems I do have has nothing to do with malware, the problems I may have has to do with a location not reporting or a part of the report is not functioning. I have no need now to contact them, but when I do, i can contact them and have in the past. I just can't use their help desk which they know.
Also, if you have Windows Vista/7, the default weather gadget could be sufficient for you. It does not have any ads or cause problems
floplot wrote:Hello bjm_
The plus version of weather bug does not have any ads which is why I pay for the program to eliminate the ads. Sure, I have access for support and I have been in the Forum and have posted there also. I have no complaints about the program so I have no need for the support. Any problems I do have has nothing to do with malware, the problems I may have has to do with a location not reporting or a part of the report is not functioning. I have no need now to contact them, but when I do, i can contact them and have in the past. I just can't use their help desk which they know.
Message received LOUD and CLEAR
I'm too cheap to pay. I check my weather at Weather Underground from refdesk
Cheers
I check mine with the Win7 weather gadget or if I'm not on Win7 the BBC/Google (Just type [place name] weather into google).
Tywin7 wrote:I check mine with the Win7 weather gadget or if I'm not on Win7 the BBC/Google (Just type [place name] weather into google).
My concept of an Intrusion Attempt was naively limited to Inbound Event. Malicious URL probing my computer. The concept of an Intrusion Attempt as an Outbound Event. My computer as the Attacking Computer redirecting to an Attacker URL. Never occurred to me. I may have read the info NIS offered me but, I did not understand the info. Behind a router I usually don't see Intrusion Attempts. Naturally, to add insult to injury...the knowledge was as close as a few mouse clics. Norton Help Center > Intrusion Prevention > About > Intrusion Prevention scans all the network traffic that enters and exits your computer [...]
Other reports like with BBC has nothing to do with weather or Weatherbug,
Quads
@ Topic
Installed WeatherBug Desktop (free w ads). Unticked Ask stuff / Registered faux user info / Selected Sponsor
http://weather.weatherbug.com/desktop-weather.html
NIS was silent.
edit update ~ Caveat emptor
I tried install with three different Sponsors
SafeWeb gives tested Sponsors ~ Secure
WOT gives tested Sponsors ~ Poor
So, not exonerated... imo
