Malicious website ?

  • #645629
    Keith Rogers 2
    Participant
      @keithrogers2

      Hi all, I've just been trying to access http://www.cnczone to download the most recent version of Eazilathe. Unfortunately my anti virus software keeps telling me that it's a malicious site and that it's a known dangerous website.

      Have any other members had this trouble? Or is it just Norton being ultra careful?

      I'm surprised, as I understood it to be a well used site.

      Best regards,

      Keith.

      Edited By Keith Rogers 2 on 17/05/2023 22:50:45

        #645638
        Sandgrounder
        Participant
          @sandgrounder

          If this is the site you want I've just opened http://www.cnczone.com no problem at all, using Firefox on Linux Mint 21

          John

          #645646
          HOWARDT
          Participant
            @howardt

            I have had this in the past with known sites. Using Norton on MAC OS, I just disable Norton and download the required file then re initiate it. If you worry you can then do a full scan, never had a problem, it is unusually caused by an out of date certificate.

            #645649
            Neville Chase
            Participant
              @nevillechase52412

              I consider Norton a virus.

              #645651
              Thor 🇳🇴
              Participant
                @thor

                I too tried and http://www.cnczone.com opened without problems (Firefox on Windows).

                #645652
                John Haine
                Participant
                  @johnhaine32865

                  Ditto, Chrome on Win10 with Norton.

                  #645653
                  Michael Gilligan
                  Participant
                    @michaelgilligan61133

                    iPad, running 16.4.1 (a), happily opens https://www.cnczone.com **LINK**

                    without any protest or warning.

                    MichaelG.

                    #645665
                    Rooossone
                    Participant
                      @rooossone

                      I can get to it on my work machine and that is protected to the nines. If I can reach it on that there is most certainly no issue with that website.

                      #645667
                      SillyOldDuffer
                      Moderator
                        @sillyoldduffer

                        Now then boys and girls, told that an AVM is red-flagging a website as a security risk, is it a good idea to rush in and try it? If the website is a wrong 'un, the bad guys may have put considerable effort into making it look and feel legitimate. You could be jumping into a honeypot. A second Charge of the Light Brigade.

                        What does connecting to http://www.cnczone.com with a Browser prove? Almost nothing in a security sense, apart from the possibility of painfully finding your AVM is out-of-date compared to Keith's Norton.

                        Better to check suspicious sites with one of the online checkers. I used **LINK** to scan http://www.cnczone.com. (Others available) It applied about 40 checks, which all came back clean, and provides other reassuring information. I'm 99% certain cnczone is safe. The remaining doubt is because of the unlikely possibility that Norton and Keith are one step ahead of everyone else! More likely it's a false positive: a mistake, or maybe http://www.cnczone.com was briefly spoofed or malfunctioned suspiciously recently, now fixed.

                        Dave

                        Edited By SillyOldDuffer on 18/05/2023 10:01:06

                        #645669
                        Rooossone
                        Participant
                          @rooossone
                          Posted by SillyOldDuffer on 18/05/2023 09:59:58:

                          Now then boys and girls, told that an AVM is red-flagging a website as a security risk, is it a good idea to rush in and try it? If the website is a wrong 'un, the bad guys may have put considerable effort into making it look and feel legitimate. You could be jumping into a honeypot. A second Charge of the Light Brigade.

                          What does connecting to http://www.cnczone.com with a Browser prove? Almost nothing in a security sense, apart from the possibility of painfully finding your AVM is out-of-date compared to Keith's Norton.

                          Better to check suspicious sites with one of the online checkers. I used **LINK** to scan http://www.cnczone.com. (Others available) It applied about 40 checks, which all came back clean, and provides other reassuring information. I'm 99% certain cnczone is safe. The remaining doubt is because of the unlikely possibility that Norton and Keith are one step ahead of everyone else! More likely it's a false positive: a mistake, or maybe http://www.cnczone.com was briefly spoofed or malfunctioned suspiciously recently, now fixed.

                          Dave

                          That is certainly top advice. Luckily I have isolated VMs I can try this type of thing on.

                          #645674
                          Bob Unitt 1
                          Participant
                            @bobunitt1

                            Why would you trust an online website purporting to check other websites any more than you would trust any other online website ? Does not compute…

                            #645676
                            Keith Rogers 2
                            Participant
                              @keithrogers2

                              Thanks for all your help

                              Having tried yesterday at various times to no avail, I tried again this morning after your reassurances and had no problem. Strange!

                              Thanks again.

                              Keith.

                              #645680
                              Keith Rogers 2
                              Participant
                                @keithrogers2

                                Ahh! It's the downloads page that's causing the problems. When I tried last time I only went to the Homepage–no problem.

                                If you search for http://www.cnczone/forums/downloads you hit trouble!

                                Oh well it seemed like a good idea at the time, I'll just have to use my old version of Ezilathe (wrong spelling in first post).

                                Regards,

                                Keith.

                                #645687
                                Michael Gilligan
                                Participant
                                  @michaelgilligan61133

                                  Keith

                                  As before **LINK** https://www.cnczone.com/forums/downloads.php

                                  works fine for me.

                                  Could it be that you are using an old URL, starting with http instead of https?

                                  MichaelG.

                                  #645691
                                  peak4
                                  Participant
                                    @peak4
                                    Posted by Michael Gilligan on 18/05/2023 11:14:21:

                                    Keith

                                    As before **LINK** https://www.cnczone.com/forums/downloads.php

                                    works fine for me.

                                    Could it be that you are using an old URL, starting with http instead of https?

                                    MichaelG.

                                    I don't use Norton, but I'm guessing it's flagged up because cnczone's forum is a site from which you can download executable files.

                                    As a warning, it could be infected by one of the "Drive By" malware programs
                                    https://www.kaspersky.com/resource-center/definitions/drive-by-download 

                                    Google Safe Browsing Check is probably a reasonable place to start
                                    https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fwww.cnczone.com%2Fforums%2Fdownloads.php

                                    Bill

                                    Edited By peak4 on 18/05/2023 12:19:38

                                    #645692
                                    Rooossone
                                    Participant
                                      @rooossone

                                      Ok having retried the specific URL in a safe location, it does get flagged for high risk of malware/malicious sources. It could quite easily be because you can download untrusted executables as suggested above.

                                      I would just ensure that any link you use to download is in fact coming from the trusted location and not some arbitrary and weird looking url (hovering over links shows the url in the bottom left corner of the browser, make sure it's what you would expect from them normally).

                                      You could disable AV protection, download these files, re-enable AV protection and scan the file, but only really recommended in an isolated environment.

                                      I think in this instance the antivirus could be over zealous with its protection.
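The link check described in the post above (confirm a download link really points at the site you expect), as an added example that is not part of the original thread. The function name and the sample links are constructed for illustration; only the first sample URL appears in the thread.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "cnczone.com"  # site discussed in the thread

NOT_HTTPS = "scheme is not https"
USERINFO = "text before '@' is not the host"
WRONG_HOST = "host is not the trusted domain or a subdomain of it"
PUNYCODE = "host has a punycode (xn--) label, possible lookalike characters"


def check_download_link(url, trusted_domain=TRUSTED_DOMAIN):
    """Return the reasons a link does not point at trusted_domain.

    An empty list means the scheme and host are what you would expect;
    it says nothing about whether the file behind the link is clean.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    problems = []

    if parts.scheme != "https":
        problems.append(NOT_HTTPS)
    # https://trusted.com@other.example/ connects to other.example
    if parts.username is not None:
        problems.append(USERINFO)
    # Exact match or a dot-separated subdomain; a plain endswith(trusted_domain)
    # would also accept "notcnczone.com".
    if host != trusted_domain and not host.endswith("." + trusted_domain):
        problems.append(WRONG_HOST)
    if any(label.startswith("xn--") for label in host.split(".")):
        problems.append(PUNYCODE)
    return problems


# Constructed sample links (only the first is taken from the thread).
SAMPLES = [
    "https://www.cnczone.com/forums/downloads.php",
    "http://www.cnczone.com/forums/downloads.php",
    "https://www.cnczone.com@files.example/setup.exe",
    "https://www.cnczone.com.files.example/setup.exe",
    "https://notcnczone.com/forums/downloads.php",
    "https://www.xn--cnczone-abc.example/downloads.php",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_download_link(link) or "looks as expected")
```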

                                      #645697
                                      SillyOldDuffer
                                      Moderator
                                        @sillyoldduffer
                                        Posted by Bob Unitt 1 on 18/05/2023 10:11:53:

                                        Why would you trust an online website purporting to check other websites any more than you would trust any other online website ? Does not compute…

                                        Yes indeed, and "Quis custodiet ipsos custodes?" has always been a problem. (Who watches the watchmen?)

                                        Faulty logic as a reason for not bothering with deeper checking though. Even though security is never perfect, it's still prudent to do one's best.

                                        As far as I know, no-one has successfully faked a website security check website – yet. Not impossible, but a tricky challenge to pull-off for any length of time.

                                        The site I used lists the resources it uses, and they can all be verified individually. So if someone had successfully hijacked http://www.cnczone.com, they have to hijack URLVOID and its sub-sources as well. That depth of deception is hard work. And if URLVOID is in doubt, other web check sites are available – Bill mentions Google Site Check.

                                        Security is a balance between inconvenience and safety. I try a notch or two harder than average, which is usually enough to stay one step ahead of evil-doers.

                                        Dave

                                        #645701
                                        SillyOldDuffer
                                        Moderator
                                          @sillyoldduffer
                                          Posted by Rooossone on 18/05/2023 12:31:52:

                                          Ok having retried the specific URL in a safe location, it does get flagged for high risk of malware/malicious sources. …

                                          If tested from a work computer, IT Departments almost invariably block anything on the internet that Downloads software. Unless they've made a mistake, or the job is done by the office-junior as a sideline. Businesses rarely take the risk of allowing employees to do whatever they want with a work computer: apart from the privacy issue, it reduces system reliability and makes diagnosing faults much harder. IT professionals go for tight configuration control!

                                          Dave

                                          #645703
                                          Rooossone
                                          Participant
                                            @rooossone

                                            To add to this it looks pretty secure from an SSL / cipher /Web Server vulnerability scan point of view.

                                            (usually the standard to define that a site is protected and secure, check the SSL Labs site for more information).

                                            I have generated the report for CNCZone here. What this indicates is that the site is secure.

                                            Edit to add a description of what the SSL Labs scanner does.

                                            SSL Labs by Qualys is one of the most popular SSL testing tools to check all the latest vulnerabilities & misconfiguration. Certificate issuer, validity, algorithm used to sign, protocol details, cipher suites, handshake simulation. It tests the website’s SSL certificate on multiple servers to make sure the test results are accurate.

                                            Edited By Rooossone on 18/05/2023 13:53:40

                                            #645705
                                            Rooossone
                                            Participant
                                              @rooossone
                                              Posted by SillyOldDuffer on 18/05/2023 13:46:30:

                                              If tested from a work computer, IT Departments almost invariably block anything on the internet that Downloads software. Unless they've made a mistake, or the job is done by the office-junior as a sideline. Businesses rarely take the risk of allowing employees to do whatever they want with a work computer: apart from the privacy issue, it reduces system reliability and makes diagnosing faults much harder. IT professionals go for tight configuration control!

                                              Dave

                                              You are right, they do. I was trying to not get too technical but I have access to cloud based virtual machines in an isolated network subnet that I can use for things like this.

                                              #645803
                                              Bob Unitt 1
                                              Participant
                                                @bobunitt1
                                                Posted by SillyOldDuffer on 18/05/2023 13:23:03:

                                                Posted by Bob Unitt 1 on 18/05/2023 10:11:53:

                                                Why would you trust an online website purporting to check other websites any more than you would trust any other online website ? Does not compute…

                                                Yes indeed, and "Quis custodiet ipsos custodes?" has always been a problem. (Who watches the watchmen?)

                                                Faulty logic as a reason for not bothering with deeper checking though. Even though security is never perfect, it's still prudent to do one's best.

                                                As far as I know, no-one has successfully faked a website security check website – yet. Not impossible, but a tricky challenge to pull-off for any length of time.

                                                I wasn't suggesting you shouldn't do such checks, just the general "Quis custodiet ipsos custodes?" of the situation. I do such checks myself, and have certain sites and tools I trust, but my faith in them isn't absolute.

                                                You can't be sure that a site isn't compromised in some way, as the definition of a successful compromise is that you can't detect that it's happened.

                                                Even the big-boys can be infected – some years ago a colleague of mine went to a major IBM developer's conference in California, returning with a conference-provided CD of tools and information. On his return he found an urgent email from IBM – "DON'T OPEN THAT CD, IT'S GOT VIRUS !".
