Sign in to follow this  
Scott Herbert

Poss False Positive - anchorfree.net

Recommended Posts

Hi All,
I think your you've a false Positive for anchorfree.net They sell a VPN called Hotspotshield which the exe for has passed a number of AV programs (yours, AVG and Sophas') however the application on connection to the VPN opens up a page

http://box.anc horfr ee.net/la nd.php?land=1 [Random spaces added to the URL]

and this page is being blocked.

I've checked with stopbadware.com (see [url="http://www.stopbadware.org/reports/5364741431949e6e08b63b00926a06bc"]http://www.stopbadware.org/reports/5364741431949e6e08b63b00926a06bc[/url] ) and that reports an infraction "[color=#333333][font=Arial, Helvetica, sans-serif][size=3][left]GFI classifies [/left][/size][/font][/color][color=#111111][font=Arial, Helvetica, sans-serif][size=3][b][left]anchorfree.net/[/left][/b][/size][/font][/color][color=#333333][font=Arial, Helvetica, sans-serif][size=3][left] as Misc Exploit".[/left][/size][/font][/color]
[left][font="Arial, Helvetica, sans-serif"][color="#333333"][size=3]I guess they are running a VPN server on the same IP address as their website (Not portscanned as I don't own it) and script kid doing something dodgy via it.[/size][/color][/font][/left][left][color=#333333][font=Arial, Helvetica, sans-serif][size=3]Anyway can you review and advise if you agree this is likely to be the case, or if you think theirs something dodgy about anchor free.[/size][/font][/color][/left][left][color=#333333][font=Arial, Helvetica, sans-serif][size=3]Thanks[/size][/font][/color][/left][left][color=#333333][font=Arial, Helvetica, sans-serif][size=3]Scott [/size][/font][/color][/left]

Share this post


Link to post
Share on other sites
Hi [color=#333333][font=Arial, Helvetica, sans-serif][size=3]Scott,[/size][/font][/color]

[color=#333333][font=Arial,Helvetica,sans-serif][size=3]Thanks for posting - I'll check it out and report back here.[/size][/font][/color]

[color=#333333][font=Arial,Helvetica,sans-serif][size=3]Regards,[/size][/font][/color]

[color=#333333][font=Arial,Helvetica,sans-serif][size=3]Andy[/size][/font][/color]
[color=#333333][font=Arial,Helvetica,sans-serif][size=3]Lavasoft Malware Lab[/size][/font][/color]

Share this post


Link to post
Share on other sites
Hi Scott,

This is not a false positive. We are blocking the site (and the software) because of AnchorFree’s privacy problems. GFI have done some work on this – see [url="http://sunbeltblog.blogspot.com/2010/05/what-part-of-no-adware-dont-you.html"]here[/url] and [url="http://sunbeltblog.blogspot.com/2010/05/anchorfree-responds-on-hotspot-shield.html"]here[/url].

Regards,

Andy
Lavasoft Malware Labs

Share this post


Link to post
Share on other sites
Sign in to follow this