Discord CDNs

[Phobos_Anomaly]

Merik's right. It still doesn't work. I'm getting mad annoyed.

[cybot]

still getting MBAM protection warnings when using discord.

using MBAM DB version v2017.01.14.06

6:30 PM PST

1/14/2017

[NoNameWouldSuffice]

Hey all

I use and love Malyware Bytes and Discord. I'm also getting a Mbam "Website block" notification when using the the Discord app. Some of my friends' Avatar/profile pictures do not display, even when I open their profile. Whenever I try to load the photo, the Mbam notification pops up again. Am watching this thread closely for any new developments.

 

Thanks

[Nate-Dogg]

9 hours ago, Merik2013 said:

As far as I can tell, this isn't true. my definitions are up to date and I'm still getting warnings. In fact, it sounds to me like you aren't up to date. The latest definitions were released today, on the 14th. The ones you name appear to be 10 days old.

Weird, I'm still not having any issues now.

 

I mistyped the number. I was on 14. (Using a reversed date broke my British brain.)

Now 2017.01.15.01 and no issues.

Edited January 15, 2017 by Nate-Dogg

[Phobos_Anomaly]

1 hour ago, Nate-Dogg said:

Weird, I'm still not having any issues now.

 

I mistyped the number. I was on 14. (Using a reversed date broke my British brain.)

Now 2017.01.15.01 and no issues.

I just tried, still getting Website blocked. I'm pissed. Can't do stuff now, I can't see my profile picture, I can't open links or pictures.

[Zzyzx]

cdn.discordapp.com is how Discord distributes any files users share with each other, including images and other files, so it's more than likely someone just shared something bad with another user.

I'm still getting it blocked on 2017.1.15.4.

To work around it for now, you can go to MBAM > Settings > Web Exclusions > Add Domain and add cdn.discordapp.com. If this isn't unblocked, then images and files will not work at all in Discord.

This really needs to be unblocked.

mbam - discord.txt

[Phobos_Anomaly]

Yeah. I whitelisted it again. If I would get anything, MWB would still find the bad file on my drive even if Discord is whitelisted.

[Zynthesist]

The block on cdn.discordapp.com is still in effect. I just rechecked and there are still malicious files on there.

[Phobos_Anomaly]

Wow. I dumped Skype because I thought Discord would be better. They all have their up their asses instead.

[Ardislayer]

I still got this problem. I can't play games when using Discord. MWB will alt-tab me when the notification pops up.  

[Davor]

Discord just told me that they are waiting on MalwareBytes to resolve the issue. And MalwareBytes says its Discord. LOL

[cybot]

just checking in.

MBAM did an DB update a little while ago, and discord cdn's are still being blocked

DB version : v2017.01.18.03

1.18.2017 12:27 AM PST

Edited January 18, 2017 by cybot

[Phobos_Anomaly]

5 hours ago, Davor said:

Discord just told me that they are waiting on MalwareBytes to resolve the issue. And MalwareBytes says its Discord. LOL

 

1 hour ago, cybot said:

just checking in.

MBAM did an DB update a little while ago, and discord cdn's are still being blocked

DB version : v2017.01.18.03

1.18.2017 12:27 AM PST

This is ridiculous now. How long has this been? Almost a week now. I'm thinking about canceling my MWB license and abandon Discord.

I give them till february.

[Kirnath]

I'm beginning to wonder what exactly this "file" that is so malicious is actually doing to the computer itself? I mean really, this is really starting to get bothersome. It seems to me that it's just blocking people's avatars which are probably being saved to a temp file. I can click links just fine and go to external websites.

Discord says it's on MBAM to remove the block, and MBAM says the files are still there.... it's not just discord for me either it's also the updater for Revolution Online, I've had to whitelist that as well.

 

[Foghladha]

This is the message I got back from Discord via Twitter.

Quote

Hey! I'm so sorry for the inconvenience. I definitely understand how annoying it is having the warning pop up. Unfortunately MWB hasn't contacted us back, and we've repeatedly attempted to get in touch. However, we're still trying to contact them so we can get this issue solved. While we don't want to see you guys leave, we understand that you ultimately have to do what's best for your community. We don't plan on this lasting for forever either, it's just taking a little more time than anticipated.

MWB can you please get on this. I have a very big event coming up that will be using Discord and I need it fixed by then. This will not go well for me if these alerts are popping up. 

Edited January 18, 2017 by Foghladha

[Nate-Dogg]

Quote

Don't worry, the AV is showing us as a false positive, and there's no malicious files on our servers. We're trying to get...

...in touch with MWB about this issue as we speak!

Come on Malwarebytes.

I know it's not a false positive otherwise it would have been resolved by now, but there's obviously been a communication breakdown between the two of you.

[Phobos_Anomaly]

They both say completely different things. Who's right and who's wrong? Ugh...

[Zynthesist]

 

On 1/17/2017 at 8:43 PM, Davor said:

Discord just told me that they are waiting on MalwareBytes to resolve the issue. And MalwareBytes says its Discord. LOL

Just to clarify, we identify malicious files and report them to Discord for take-down, after that we wait for them to take them down, and we re-verify. If the block is still in place, as it is now, it is because there is still live malicious content.

As you can see on the link below, we are not the only security company that is reporting this:

https://www.virustotal.com/en/url/2e02add8ed01a7f46f749ab1560c1eb9324f5fbf46869efca09d6ee42355aad9/analysis/

 

 

 

[Phobos_Anomaly]

Well, screw Discord then. That was all I needed, to know that others except MWB notice something is up with Discord.

Edited January 19, 2017 by Phobos_Anomaly

[Raxrtos]

Well I spoke to Discord on twitter and they said they fixed the file on their end and its up to malwarebytes to do their part. So is this miss lead info or something else going on.

[Zynthesist]

29 minutes ago, Raxrtos said:

Well I spoke to Discord on twitter and they said they fixed the file on their end and its up to malwarebytes to do their part. So is this miss lead info or something else going on.

I have not heard back from Discord. I sent them the details this morning about the malicious file (VT link above) and have not heard back from them. 

[Nate-Dogg]

1 hour ago, Zynthesist said:

I have not heard back from Discord. I sent them the details this morning about the malicious file (VT link above) and have not heard back from them. 

[Phobos_Anomaly]

Lol

[Loc2262]

And to think I was about to replace Skype and Teamspeak with Discord... I thought Microsoft's take at security was bad concerning Skype issues, but what Discord is doing there is really incredible.

I'm following their Twitter support channel. It seems most of the times when somebody has a connection issue or can't install the software or similar, the first thing they suggest is "disable or uninstall your virus scanner, restart your computer, and try again".

I wonder how that program can - as they claim - be "the only free and secure all-in-one voice+text app", if you need to disable malware protection on your computer to install or use it.

Concerning the installer, I found that a little suspicious from the beginning. It's totally silent, does not offer a choice where to install, there's no real way to check the version, and most importantly, it crashes immediately and badly when trying to run it inside Sandboxie (something I always do when trying new unknown software). I've never seen a Windows installer behave like that really.

Concerning the present listing on MWB, they keep saying (pick one) "we've done all we can, we're waiting on MWB to clear the listing, there's nothing wrong on our server, it's a false positive, we assure you it's all okay, whitelist our CDN, uninstall MWB". No mention of the apparent malware files that are still downloadable on their CDN, no reply to my reports concerning that (I suppose they have me on ignore meanwhile ), no real explanation for the listing aside from the things above, nothing.

@Malwarebytes, and other security companies, keep up the good work! Keep them listed until they get their act together and clear all downloadable malware from their CDN, implement proper security measures to prevent users from uploading such files, and if not possible at least properly and instantly inform everyone about the exact details why they get flagged by security companies. And most importantly, stop suggesting deinstallation of malware protection to use their software.

Edited January 20, 2017 by Loc2262

[Phobos_Anomaly]

I've given up on Discord. Yesterday I uninstalled it and reinstalled Skype again. Yes, Skype. When you choose Microsoft over something else it's bad, really bad.
I actually never really liked Discord to begin with. It's design is big and clumsy and icons gets mashed together into a heap of crap if I try to shrink the window.
Plus the watch is 12 hour only and can't be set to 24, which is a norm where I live.