Chipmunk Forums blocked by Sophos Antivirus
Posted: Wed May 28, 2014 9:56 am
Hi,
I have Sophos Antivirus currently installed on my Mac mini, and its web protection has blocked access to Chipmunk Physics. The supposed malware is Mal/Badsrc-M. So don't use Internet Exporer on this seedy corner of the internet.
Its likely a false positive, but a quick Google search indicated that the virus does seem to somehow interact with php messageboards. It could possibly be a source of the recent spam. At any rate, these warnings are a solid sign that this website's reputation score is definitely suffering.
A quick verification and a message to the antivirus company may be necessary. No idea what Trend Micro/Symantec/Grisoft/AlienVault/other firms have picked up, but since they all share information, these people might also be worth contacting.
I strongly recommend anyone reading this to run something like Snort/Suricata to filter your internet connection, a good HIDS for all your hosts, and a proper SIEM to correlate everything.
Colin
EDIT: The main website is blocked as well.
I have Sophos Antivirus currently installed on my Mac mini, and its web protection has blocked access to Chipmunk Physics. The supposed malware is Mal/Badsrc-M. So don't use Internet Exporer on this seedy corner of the internet.
Its likely a false positive, but a quick Google search indicated that the virus does seem to somehow interact with php messageboards. It could possibly be a source of the recent spam. At any rate, these warnings are a solid sign that this website's reputation score is definitely suffering.
A quick verification and a message to the antivirus company may be necessary. No idea what Trend Micro/Symantec/Grisoft/AlienVault/other firms have picked up, but since they all share information, these people might also be worth contacting.
I strongly recommend anyone reading this to run something like Snort/Suricata to filter your internet connection, a good HIDS for all your hosts, and a proper SIEM to correlate everything.
Colin
EDIT: The main website is blocked as well.