NOD32 reporting "threat detected" at Wells Fargo's site...false alarm?

  • Thread starter Thread starter mailmover
  • Start date Start date
M

mailmover

Hello.

I went to Wells Fargo's homepage, clicked on a link, and NOD32 gave me a
trojan warning. Can someone check out whether this is simply a false
alarm or something to worry about.


Go to Wells Fargo:

http://www.wellsfargo.com


At top of page, click on "ATM/Banking Stores"
 
From: "mailmover" <[email protected]>

| Hello.
|
| I went to Wells Fargo's homepage, clicked on a link, and NOD32 gave me a
| trojan warning. Can someone check out whether this is simply a false
| alarm or something to worry about.
|
| Go to Wells Fargo:
|
| http://www.wellsfargo.com
|
| At top of page, click on "ATM/Banking Stores"

Nothing. Must be a False Positive on a script.
 
| Hello.
|
| I went to Wells Fargo's homepage, clicked on a link, and NOD32 gave me
a
| trojan warning. Can someone check out whether this is simply a false
| alarm or something to worry about.
|
|
| Go to Wells Fargo:
|
| http://www.wellsfargo.com
|
|
| At top of page, click on "ATM/Banking Stores"
|

I did and a NOD32 warning popped up: Threat - HTML/Phishing.gen.trojan

I'm running NOD32 1.5 with the latest update on a Win98SE system.

Chas.
 
From: "* * Chas" <[email protected]>


| I did and a NOD32 warning popped up: Threat - HTML/Phishing.gen.trojan
|
| I'm running NOD32 1.5 with the latest update on a Win98SE system.
|
| Chas.
|

If that *IS* the real site, then there is a obvious problem with the application of NODS32's
Phishing detection algorithm.
 
| From: "* * Chas" <[email protected]>
|
|
| | I did and a NOD32 warning popped up: Threat -
HTML/Phishing.gen.trojan
| |
| | I'm running NOD32 1.5 with the latest update on a Win98SE system.
| |
| | Chas.
| |
|
| If that *IS* the real site, then there is a obvious problem with the
application of NODS32's
| Phishing detection algorithm.
|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|
|

Yep, https://www.wellsfargo.com/ is their web site. Cross checked it.

Chas.
 
mailmover said:
Hello.

I went to Wells Fargo's homepage, clicked on a link, and NOD32 gave me a
trojan warning. Can someone check out whether this is simply a false
alarm or something to worry about.


Go to Wells Fargo:

http://www.wellsfargo.com


At top of page, click on "ATM/Banking Stores"
Click to expand...
Nothing happened when I tried it, using Firefox 1.5. We're you using IE?
Maybe a rogue BHO was installed?
 
David said:
From: "* * Chas" <[email protected]>


| I did and a NOD32 warning popped up: Threat - HTML/Phishing.gen.trojan
|
| I'm running NOD32 1.5 with the latest update on a Win98SE system.
|
| Chas.
|

If that *IS* the real site, then there is a obvious problem with the application of NODS32's
Phishing detection algorithm.
Click to expand...
I tried it using NOD32 2.5 and nothing at all occured.
 
optikl said:
Nothing happened when I tried it, using Firefox 1.5. We're you using IE?
Maybe a rogue BHO was installed?
Click to expand...

When I used Netscape 7 there was no detection. When I tried Internet
Explorer 6 I got the prompt from Nod32 on "ATM/Banking Stores".

When you type "http" it changes to "https" when the connection is made.
 
Go to Wells Fargo:
I Saved the page as a HTM file and uploaded it to Virus Total.
NOD32 alerts on this upload, but it's the only AV that alerts.

NOD32 users should submit the web site HTM file to NOD
for analysis.

Art

http://home.epix.net/~artnpeg
 
Poster said:
When I used Netscape 7 there was no detection. When I tried Internet
Explorer 6 I got the prompt from Nod32 on "ATM/Banking Stores".

When you type "http" it changes to "https" when the connection is made.
Click to expand...
So, it's triggering off the Active X script.
 
Nod32 gives the warning using Opera Browser also, so it is not an
Active X issue. I get the warning with all scripting disabled.
 
Mike said:
Nod32 gives the warning using Opera Browser also, so it is not an
Active X issue. I get the warning with all scripting disabled.
Click to expand...
And with Firefox 1.5, with JAVA and JAVA script enabled, with the
highest possible security settings, NOD32 2.5 does not alert.
 
Hello.

I went to Wells Fargo's homepage, clicked on a link, and NOD32 gave me a
trojan warning. Can someone check out whether this is simply a false
alarm or something to worry about.


Go to Wells Fargo:

http://www.wellsfargo.com


At top of page, click on "ATM/Banking Stores"
Click to expand...

False detection of HTML/Phishing.gen.Link sent to NOD32(ESET) for a
fix.
 
From: "optikl" <[email protected]>

| And with Firefox 1.5, with JAVA and JAVA script enabled, with the
| highest possible security settings, NOD32 2.5 does not alert.

Then apparently this is something that is not implemented by the older NOD32 version.

This is not unlike McAfee v4.5.1 can't detect "potentially unwanted programs" such as McAfee
v7.x and v8.0i can.
 
I tried it using NOD32 2.5 and nothing at all occured.
Click to expand...

Nor here, also using NOD32. The home page and the click-thorough both
identify themselves correctly too.

Cheers,

Roy
 
Back
Top