PilotAware
British Forum => OGN-R PilotAware => Topic started by: peter.seddon on February 05, 2021, 11:48:33 am
-
I keep getting a notification from Malwarebytes about www.airport-data.com. It says there is a trojan; the website www.airportdat.com, on the other hand, loads OK. Has there been an update and a typo, or is there someone trying to hack us? I got the first notification on 02/20/2021 at 12:22.
-
Hi Peter,
I take it you mean when you click on a picture via the Aircraft Data link from your ATOM display? I'm certainly not seeing any issues either on my iPad or Windows PC and Airport-Data.com opens fine. I'm using Virgin's standard 'F-Secure SAFE' 'anti-virus' software, so the issue may be specific to Malwarebytes.
Last ATOM firmware update was on 20210123 so it's been running almost 2 weeks now with no reported problems (to my knowledge).
Regards
Peter R
-
If I click on the website it gets blocked, saying it may contain a trojan. I'll have to try it on a non-connected PC and see what happens.
-
Is it worth escalating this to Malwarebytes as a false positive?
no problem here with Avast Free...
-
Posted a topic on the Malwarebytes forum, will see what transpires.
-
This is the reply I got so there must be something to it.
"Hi,
The block will be reviewed. It's currently being blocked as part of a banker trojan using the IP the domain resides on. -- https://www.virustotal.com/gui/url/3dd6a5e4e6e3aea72ad5a6bb676b5e30269cedaf5b270767161188babc25a941/detection
Thank you"
So it is under review, perhaps this needs to be passed to the website owner.
Cheers
Peter.
-
Yes, I would report it to the webmaster.
-
Does anyone know his email address? I tried webmaster@ but that bounced.
-
It seems like they are a bunch of wannabe Secret Squirrels, any "Contact Us" link results in the same stupid loop.
I looked up the domain owner here in Whois:
https://lookup.icann.org/lookup
but it seemed to be the same sort of Secret Squirrel stuff.
Not sure if I can post the output of an ICANN query in public but if you put the domain in there you'll get an email address which you might try...
It looks a bit strange or even like a bit bucket...
-
comes up with some silly email addresses and a mailing address in Toronto. It does seem sus as there is a similar website called www.airportdata.com i.e. no hyphen.
-
But the issue is where the link comes from, who serves up that web page, is it 360Radar, PilotAware or someone else?
Whoever has coded that page has put a website with a hyphen in it alongside airliners.net and airframes.org.
This is either intentional (whoever coded that web page intended for the URL with the hyphen to be there) or the site code has been hacked.
I'm going to suggest that if it really is the correct site, does whoever serves up the web page want to remove the hyphened link until the malware issues are resolved?
I'm an admin on a free flying forum and we had problems with someone trying to screen scrape the whole web site, short term resolved with an IP block. There could be one site cloning another, but this can only be resolved by web masters...
-
Steve,
The link to airport-data.com will be down to VRS - www.virtualradarserver.co.uk.
PilotAware simply incorporate the VRS application into the ATOM firmware so that station owners / maintainers (as ‘non-commercial’ users) can use it to visualise and display traffic. As ‘users’ of their system, we are subject to VRS’s rules and have very little influence or control over how VRS is configured and operates or its external links.
If Peter and yourself want to pass on your findings, there are contact details at the bottom of the VRS Home Page. I’m sure they would be interested to hear from you - especially if this exposes a threat (or potential threat) to their system.
Please keep us informed.
Best Regards
Peter R
-
I've just sent an email to Andrew at Virtual Radar Server so we'll see what he says.
-
Got a reply from Andrew and he is looking into this issue.
-
It's back!
-
Not had the popup for a while but the website is still blocked by my malware prog.
-
Phil at 360Radar has replied to a contact from me and with his prior permission I quote his e-mail here:
Thanks for your email.
As you say, Avast is still warning (incorrectly) that there is an issue with the Airport-Data.com site. Since AVG and Avast are the same product with different interfaces but the same backend that will too.
It's because both products take URLs from publicly available lists of supposedly dodgy sites. Nothing wrong with that per se, but they don't check that there's an issue or not. They simply push them out and trigger loads of false alerts ...
I'd recommend getting a decent antivirus product like Norton or McAfee which have the resources to check the URLs and don't just regurgitate someone's data.
This will save us all contacting him.
On this basis I will create an exception for the website in Avast. Everything else is working on my PC, and whilst a little bit whiny, Avast Free scores well in tests.
I've also reported a false positive to Avast. Probably a waste of time...
-
Received this just now.
Worth reporting a false positive.
Date: Fri, 12 Mar 2021 15:57:25 +0000 (GMT)
From: AVAST Support <customer.support@avast.com>
To:
Subject: #12746344 - Avast: Report a URL http://cdn.airport-data.com [ ref:_00Db0Z3Sf._5005p2PobkR:ref ]
Greetings,
Thank you for contacting Avast with your concerns.
Our virus specialists have been working on this problem and it has now been resolved. The provided website isn't detected by Avast anymore.
We are sorry for the inconvenience. If you have any further questions, don't hesitate to contact me again.
Best Regards
Ondrej
Avast Customer Care
Avast Support Center