Jump to content

ESET is sending Phishing Emails?


monbonita96
 Share

Recommended Posts

Dear all,

Checking my ESET renew receipt in my inbox, MALWAREBYTES block the page due to phishing, 

I think the image is the one, that MALWAREBYTES is detecting as phishing

Could it be a False Positive?

From: comprobantes.astropay@eset-la.com

02ESET.thumb.jpg.8982043d86b3ac82f48e07b5017bf3db.jpg

MALWAREBYTES LOG

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/22/18
Protection Event Time: 3:12 PM
Log File: abaf51b2-a647-11e8-bb7e-6cf049562b12.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6459
License: Premium

-System Information-
OS: Windows 10 (Build 17134.228)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Phishing
Domain: f.cl.ly
IP Address: 52.216.230.123
Port: [50384]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe



(end)

Best Regards

 

Link to comment
Share on other sites

I would open a ticket with MBAM support and have them verify it is indeed a FP.

As far as running MBAM Prem with ESET at the same time, in my experience, they will clash. Ever since MBAM went to v3, MBAM and ESET do not play well together. 

Best regards.

Edited by TomFace
Link to comment
Share on other sites

9 hours ago, ram1220 said:

I also turned off the paid version of MB. Too many problems. I only use it as an on demand scanner now.

 

MBAM has grown in complexity since v1.75 (when was a simply "second layer" to any antivirus) and cannot be used with a sophisticated antivirus like ESET.

Malwarebytes recently acquired Windows Firewall Control from Binisoft and has everything to be a fully flagged antivirus (even though they say MBAM is still compatible with any antivirus)

 

I run MBAM and MSE without issues.

Link to comment
Share on other sites

Hello monbonita96, the IP is not blocked. That is a shared IP provided by Amazon S3 for multiple sites. The link we block is for the following site as it is spreading malicious files. I don't believe it is/was part of the letter from ESET it could be due to some advertisement that is crossed linked maybe. It would take more analysis to see if we're able to verify the actual source as it could also be offline now. These type of Ads change rapidly to avoid take-down notices, etc.

f.cl.ly

Example of files they're spreading

HXXp://f.cl.ly/items/291u0Y0G2c381O3H2O22/DSC_0024.exe

Thank you

Forum Manager, Malwarebytes

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...