×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
plaur
Former Member
Message 1 of 2

Bet365.com warning. Is this a false positive?

I am trying to download a bet365.com poker client and gets a McAfee warning that it contains virus or spyware. I navigate to http://poker.bet365.dk/home/da/ and click "download nu" which starts download of SetupPoker.exe from http://update.dk.p365update.com/installer/

Also navigating to http://poker.bet365.dk/extra/da/poker-guides/getting-started/?DownloadAction=1  gives me this SiteAdvisor warning:

http://www.siteadvisor.com/restricted.html?domain=http:%2F%2Fupdate.dk.p365update.com%2Finstaller%2F...

1) Are these false positives?

2) How can I tell what McAfee has detected? The warnings I get do not contain any info other than something  has been detected.

3) Could there be something wrong with my PC or my McAfee to provoke these warnings?

bet365McAfee.jpg

I checked SetupPoker.exe in VirusTotal. Votes are 46:1 that its clean. According to VirusTotal McAfee says its clean!

the update.dk.p365update.com site:

https://www.virustotal.com/en/ip-address/178.237.172.185/information/

and the SetupPoker.exe file analysis:

https://www.virustotal.com/en/file/a1238984c026a5a74a96db5e56a675034a0f4095bc263 91c2d9d580baedc2474...

Any help appreciated!

on 22/07/13 6:31:32 EDT PM
1 Reply
Hayton
Reliable Contributor
Reliable Contributor
Message 2 of 2

Re: Bet365.com warning. Is this a false positive?

See http://sitecheck.sucuri.net/results/poker.bet365.dk/extra/da/poker-guides/getting-started

The two sites 'http://poker.bet365(.)dk' and 'update.dk.p365update(.)com' have not been evaluated by SiteAdvisor. The site status for both of these is 'Unknown'. They should both have been submitted by the site owner for full testing.

Any warnings for these URLs are therefore being generated by TrustedSource, which uses real-time feedback and third-party input to notify users of suspect or dangerous sites.

In the case of pokerbet365 it may be that the site's use of WebResource.axd and ScriptResource.axd is causing a problem.

A web resource is a file embedded in an assembly

That implies the file is compressed, probably packed. That looks like malware to an anti-virus program.

Same thing goes for ScriptResource.axd -

  • Automatically GZip/Compressing your scripts over HTTP for delivery.
  • Dynamically resolving Release/Debug scripts based on build parameters.  This is useful, if you keep two types of the same script: one for debug, and one packed for release.

Compressed, packed. Both of them attributes of malware.

The handler's "streaming" the javascript files to the client dynamically

So the server is creating javascript files dynamically at run-time on the client PC. This is likely to cause problems wth real-time antivirus scanning programs.

If you are convinced these sites are safe you can contact SiteAdvisor and/or TrustedSource (see this document), but the sites will still need to be tested properly.

For information about this use of .axd files in ASP.NET :

http://bchavez.bitarmory.com/archive/2008/07/28/understanding-scriptresource-and-webresource-in-asp....

http://blogs.msdn.com/b/carloc/archive/2008/12/04/webresource-axd-or-scriptresource-axd-not-working....

http://forums.asp.net/t/1258729.aspx

http://forums.asp.net/t/1258715.aspx

http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community