Kaspersky Falsely Identifies Awebers Login URL As Having Virus

[Steven Wagenheim]

Okay, this is serious. I just tried to get to my Aweber login and Kaspersky
is identifying the URL as having some kind of trojan or something that
steals credit card info.

Is anybody else having this problem?

Whether it's on Kaspersky's end or Awebers, until it's fixed, I can't login to
my Aweber account.

[Seiber]

That sounds quite serious. Are you suggesting that we don't use aweber?

[waloosh]

If you're using Internet Explorer, the Phishing site detector may have been tripped accidentally as a false-positive. You don't have to worry about it, there should be an option to get around, if not, disable the Phishing detector and try again.

If you're using Firefox and you get that black and red page that asks you to either ignore the warning or "Get me out of here", then a few people may have sent in reports that they were a phishing, hacking, or infected site, and all you need to do is click "ignore this message".

I don't know what message you're getting, what it looks like or what browser you're using, but there's website certificates have been an issue since Vista came out. You may be experiencing an expired certificate warning and all you have to do is manually add the certificate in the trusted zone.

If I had more information, I could be more helpful, but I doubt there's anything wrong with it. Just a simple misunderstanding as a false-positive.

[WritingMadwoman]

Steven, I wonder if it's related to this warning?

Microsoft warns of serious computer security hole - Yahoo! Finance

Aweber may have been one of the sites hacked? Hope not - especially if the virus can get into all of the email lists?? Yikes, scary thought.

Wendy

[Dan Grossman]

You're talking about https://www.aweber.com/login.htm?

There's nothing malicious there. Looked at the HTML source and all of the JavaScript files. No software installing code, iframes pointing to outside sites or anything unusual.

[Steven Fullman]

Yet another reason why I don't use antivirus software.

Steve

Quote:

Originally Posted by Steven Wagenheim

Okay, this is serious. I just tried to get to my Aweber login and Kaspersky
is identifying the URL as having some kind of trojan or something that
steals credit card info.

Is anybody else having this problem?

Whether it's on Kaspersky's end or Awebers, until it's fixed, I can't login to
my Aweber account.

[Talltom1]

Just logged in using both IE and Firefox. No warnings received via either browser. And I don't use Kapersky.

[waloosh]

Quote:

Originally Posted by Dan Grossman

You're talking about
(link)
There's nothing malicious there. Looked at the HTML source and all of the JavaScript files. No software installing code, iframes pointing to outside sites or anything unusual.

It doesn't have to have any code to infect your computer. I can send you to a site that automatically downloads a RAT (Remote Activated Trojan) to your computer, you'd never know it,(never would either) and the code doesn't say anything about it either.

However, I really seriously doubt that aweber has anything wrong with it. I'm not getting any error either, but everything does seem to be just fine.

[Steven Wagenheim]

Quote:

Originally Posted by Dan Grossman

You're talking about https://www.aweber.com/login.htm?

There's nothing malicious there. Looked at the HTML source and all of the JavaScript files. No software installing code, iframes pointing to outside sites or anything unusual.

Well the problem is, I can't get passed the login page. I can't get to my
lists or any of my messages at all.

I made a post to the Kaspersky forum. Hopefully, they'll investigate and
get back to me.

[Steven Wagenheim]

Quote:

Originally Posted by Dan Grossman

You're talking about https://www.aweber.com/login.htm?

There's nothing malicious there. Looked at the HTML source and all of the JavaScript files. No software installing code, iframes pointing to outside sites or anything unusual.

Dan, yes, that's the URL.

Does anybody use Kaspersky besides me who can check this?

[waloosh]

I'd recommend just turning Kaspersky off for the duration of your work, turn it back on after. Or, you could even add an exception on Kaspersky.

[mywebwork]

OMG you're right - I just tried going to aweber.com and Kaspersky denied access, claimed that it was a phishing site! I was using Google Chrome (and Windows 7).

On 2 XP machines with Avast the site opens up OK, I also used one of my Windows Vista computers and it opened fine without triggering a warning from McAfee.

I wonder if Kaspersky has a fault, or if they are simply the first to become aware of a new threat?

This is serious stuff, many thanks for bringing it to our attention Steven.

Bill

[GarrieWilson]

I'd bet its a false positive but you can by-pass it in the settings to get in.

[Steven Wagenheim]

Quote:

Originally Posted by GarrieWilson

I'd bet its a false positive but you can by-pass it in the settings to get in.

Garrie, I hope you're right, but let's face it, bigger sites than Aweber have
been compromised. I wouldn't bet my kid's life that this is a false positive
because I've just seen too many bad things.

Remember the DOS attacks on Clickbank about 6 years ago?

If I'm not mistaken, they were down for about a week, maybe longer.

[waloosh]

I'm more than sure that it's a false-positive. There aren't any listings anywhere on the web that say anything about this issue. Kaspersky searches through the code of a website while you're visiting it, and if it finds anything that's either unfamiliar and different than normal, it will block it. Symantec Internet Security does it too and it gives false-positives 90% of the time... or, it used to.

[kf]

Yes, you can bypass it ....

But ...

I got this message earlier today trying to opt-in to a site ...

Which basically means that people trying to opt-in to my sites - or yours - may also be getting this message.

Now it gets scary.

[Steven Wagenheim]

Quote:

Originally Posted by kf

Yes, you can bypass it ....

But ...

I got this message earlier today trying to opt-in to a site ...

Which basically means that people trying to opt-in to my sites - or yours - may also be getting this message.

Now it gets scary.

Yes, very scary and potentially harmful to many businesses.

Does anybody know how to get in touch with Aweber outside of going
to the web site and logging in a ticket?

[iw433]

I just logged on to my Aweber account, and I have Kaspersky, no problem, but I get a warning message at my other autoresponder account, RazorBot - Intelligent Email Marketing Robot I would rather get a false positive with anti-virus then get ................without.

[kf]

Tom's a member here. What about sending him a PM?

Or putting up his full name --- I can't spell his last name --- he may have it set for google alerts.

[iw433]

HEY!! how did that happen I wrote "http:www.razorbot.com" I did not make a anchor link out of it! "RazorBot - Intelligent Email Marketing Robot" I don't know how that happened??

[Razer Rage]

Well that's interesting. But then, I've had hotmail block perfectly legit emails with no code or images in them whatsoever.

I suspect it is simply your anti-virus software. Still, you should report it to Aweber, and they'll get it sorted out nice and quick like if there really is a threat.

[Razer Rage]

Quote:

Originally Posted by iw433

HEY!! how did that happen I wrote "http:www.razorbot.com" I did not make a anchor link out of it! "RazorBot - Intelligent Email Marketing Robot" I don't know how that happened??

One of the features of the forum software Warrior Forum uses; it automatically adds the title of the url you are linking to if no anchor text is provided.

[Steven Wagenheim]

Quote:

Originally Posted by kf

Tom's a member here. What about sending him a PM?

Or putting up his full name --- I can't spell his last name --- he may have it set for google alerts.

I contacted Tom via Facebook and Twitter. Hopefully, he'll get one of those
messages.

[mywebwork]

For what it's worth I submitted a ticket to AWeber on this.

Bill

[SuzanneH]

I'm logging in no problem with Kaspersky Internet Security 2009, database last updated 20 minutes ago, and using Firefox. But it does throw out a warning in IE, saying that the site contains a link to livesupport.com, which has been known to (paraphrasing here) to steal credit card information, etc.

Suzanne

[rmholla]

Kapersky is famous for their false positives, if I remember correctly they were even sued over it.

I was trying to sell a website once and someone killed the thread saying Kapersky had detected something. I run McAfee, SpyBot, MalwareBytes, and AVG so I knew it was a false positive. Many others popped on the thread saying they got no warning from their programs but it killed the thread/sale just the same.

I hate Kapersky and wish it would die a horrible death -- or be fixed -- but they cannot seem to do that.

[jimmytron]

Quote:

Originally Posted by Steven Wagenheim

Okay, this is serious. I just tried to get to my Aweber login and Kaspersky
is identifying the URL as having some kind of trojan or something that
steals credit card info.

Is anybody else having this problem?

Whether it's on Kaspersky's end or Awebers, until it's fixed, I can't login to
my Aweber account.

Oh my this is serious... They need to fix this asap!

[Bev Clement]

I was going to come and ask the same question, because I received an email from someone whose list I'm on. There was a link for today's download, and immediately Kaspersky blocked it as having a js which is used to steal passwords and credit card details.

It isn't only not being able to get into your login details, but all customers who use kaspersky are being told that aweber has this problem.

[n7 Studios]

If you've not done this already, Kaspersky offer a contact form where you can submit details about a false alarm / false positive:

Request to Kaspersky Virus Lab

If enough people do this too, hopefully it'll be brought to their attention quickly.

[Martin Luxton]

Steven,

I get emails from a marketer and all his aweber links have been blocked by Kaspersky for the last few months.

This is one of the messages I get

8/07/2009 12:18:32 PM
http: // clicks DOT aweber DOT com/y/ct/?l=FNkFu&m=1cv8OP5IDWh5Rn& (ETC)
Firefox Denied: *.aweber.com/* Databases

There seems to be a problem with the .ico at aweber too.

Martin

[socratous139]

I have the same problem but not only that...the MOST scary thing is that when your subscribers open the email they get the EXACT scary message.

****!

[Steven Wagenheim]

Go here:

Aweber Login Reporting Virus - Kaspersky Lab Forum

It's been confirmed that it's a phishing false positive except Kaspersky still
hasn't fixed the problem yet.

[oimdiane]

The very same thing started happening to me last night. Mine began with a visit to a website with an Aweber signup box on it (which I wasn't even filling out). Wham! Kaspersky went crazy. I then scanned my entire computer (hours later) to find out that any and all mention of Aweber was locked up tighter than tight. I haven't even tried getting to Aweber yet today. I did submit a ticket at Kaspersky, too.

The thing is I do not use Aweber (used to have another one), but if it's locking people out of websites that just have a signup box on them.... Holy Chit!

So either K is ahead of the game or has a serious problem it needs correcting asap. I, too, found the favicon the thing it first tagged as "denied access." Which is truly strange.

However, if K has found something the rest of them haven't this is a good thing.

I'd just like to know, if it is a false positive, how in the world do I get K to UNLOCK this? I'm using K's Internet Security 2009 and frankly liked the older version better. At least (so far) I have not found a way to add "let me just visit the d.amn site" area in their new setup.

Does anyone know how to allow a web site once K has blocked it???

I feel for anyone using Aweber and having visitors using K if it turns out to be a false alarm

[oimdiane]

Well right after making my post, I wanted to let everyone know that I successfully visited the aweber website (which I could not get near last night). So it looks like Kaspersky "fixed" the problem or Aweber did.

[Steven Wagenheim]

Quote:

Originally Posted by oimdiane

Well right after making my post, I wanted to let everyone know that I successfully visited the aweber website (which I could not get near last night). So it looks like Kaspersky "fixed" the problem or Aweber did.

Still getting the virus message on this end.

[Michael Oksa]

Quote:

Originally Posted by Bev Clement

I was going to come and ask the same question, because I received an email from someone whose list I'm on. There was a link for today's download, and immediately Kaspersky blocked it as having a js which is used to steal passwords and credit card details.

It isn't only not being able to get into your login details, but all customers who use kaspersky are being told that aweber has this problem.

Thank you Bev for alerting me to this problem earlier today.

Hopefully it's a minority of my list who has Kaspersky, but even that would be small consolation. I have worked hard to build a solid reputation, and while I'm not that worried about it, I do wonder some people on my list will think if they see an email from me is being flagged as a phishing scam.

With any luck the problem will be fixed sooner rather than later.

All the best,
Michael

p.s. Stuff like this seems to come up once in a while, and makes for a good reminder to have back up plans for the things we tend to take for granted.

[Fernando Veloso]

Good to know things are fixed for some of you guys. What about you Steven?

[onehour]

IT'S LIKELY AFFECTING YOUR SUBSCRIBERS

the real problem is that it is affecting subscribers. I have had two (KNOWN) unsubscribes today saying that the links in my email newsletter (which are aweber tracking links) were flagged by Kaspersky as a "dangerous site"

My list haVs hundreds of US military people that read my newsletter (thorugh aweber) and access my site from secure faiclities, so if word gets out that they think my site is unsafe (even though it's an aweber/Kaspersky thing) -- I am going to be in trouble. They are quick to ban access to sites that have security issues.

I did put a ticket into Aweber today and they said they are working on it.

I would encourage you if you are having problems or getting complaints to put a ticket into Aweber also -- so that they can measure the severity of this and prioritize it.

[Kris.Sm]

Quote:

Originally Posted by Steven Wagenheim

Okay, this is serious. I just tried to get to my Aweber login and Kaspersky
is identifying the URL as having some kind of trojan or something that
steals credit card info.

Is anybody else having this problem?

Whether it's on Kaspersky's end or Awebers, until it's fixed, I can't login to
my Aweber account.

I had the same problem as well... well there wasnt any torjon with aweber. But my kaspersky just wont allow me to. I had to access tht website which was given to me by a warrior member. Paused the protection of Kaspersky and then did my work..Later i did an virus update on kas and it didnt show tht problem again..

[infoweb]

Hi guys,

I'm getting the same problem, I'm using Kaspersky 2009 and when I visit my own sites with aweber forms it gives the message and blocks me from completing the signup forms.

Have contacted Kaspersky about this but no response yet.

Mark

[Steven Wagenheim]

Quote:

Originally Posted by infoweb

Hi guys,

I'm getting the same problem, I'm using Kaspersky 2009 and when I visit my own sites with aweber forms it gives the message and blocks me from completing the signup forms.

Have contacted Kaspersky about this but no response yet.

Mark

I've disabled the message for the site. Have you heard back from them or
does anybody know if this has been fixed yet?

[iw433]

I don't know what's going on but I have not had any problems with aweber and I have the big "K" anti-virus program. Just pulled up aweber a few minutes ago. Logged in last night no problem. Even added a new autoresponder to my account.