Website blocked due to malware : true meaning?

[d4005]

During normal computer usage I never see this, but when I run Vuze (aka Azureus), I'll see it pop up a few times. I have no problem seeing it, I'm happy that MB has protected me and would have it no other way, you guys rock.

My question is what has actually happened to cause this popup. I suspect it's either that you've actively detected some malware intrusion attempt and stopped it happening before it could do any damage, or what I think is more likely ... you've detected my machine has a network dialog to an IP address or Domain that you've got on a blacklist due to research or reports of it having been infected.

The latter option meaning that before any malware even would get the chance to try something, if the remote machine is still infected, you've blocked it before it got a chance.

If these particular blocks are solely from a blacklist, does that mean that malware bytes can't actively detect attempts at intrusion and it's only ever working to block traffic from a blacklist? Or are there other MB modules/processes that are actively monitoring attempts to install software, overwrite DLL's, inject things into the startup sequence, etc?

[Malwarebytes]

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

1. Download Malwarebytes Support Tool
2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
3. Double-click mb-support-X.X.X.XXXX.exe to run the program
   • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
4. Place a checkmark next to Accept License Agreement and click Next
5. You will be presented with a page stating, "Get Started!"
6. Click the Advanced tab on the left column
   
7. Click the Gather Logs button
   
8. A progress bar will appear and the program will proceed with getting logs from your computer
   
9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
       

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

• Renewals
• Refunds (including double billing)
• Cancellations
• Update Billing Info
• Multiple Transactions
• Consumer Purchases
• Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

[exile360]

Greetings,

This is quite normal with applications like Vuze/Azureus because it is a peer-to-peer (P2P) application, meaning it connects to a wide variety of servers/IP addresses, and because many servers/IPs are shared between various customers since multiple sites can be hosted on the same IP, and because some entire IP ranges/hosting providers are blocked by Malwarebytes for being malware-friendly (i.e. they fail to respond to abuse reports/do not clean up malicious content), you will often see sites being blocked when using a P2P application such as a Bittorrent client like Vuze (it's also a pretty common occurrence with other P2P apps such as some instant messenger applications like Skype).

With that said, since you know the connections are coming from your P2P application, you can be reasonably certain that those connections are harmless since it verifies downloaded content by hash/checksum, so assuming the actual content you are downloading isn't infected with malware (which of course could be the case regardless of the source if it is something that has been Trojanized and has nothing to do with the actual seeders/sources you're downloading the file from regardless of their IP addresses), you can actually exclude your Bittorrent client from the Web Protection component in Malwarebytes if you choose to in order to potentially speed up your downloads and prevent those connections from being blocked while still maintaining full protection for the other applications on your PC.

If you do wish to exclude it, then simply follow the instructions found under the Exclude an Application that Connects to the Internet section of this support article to exclude Azure's process so that it will no longer be blocked/filtered by the Web Protection component in Malwarebytes.  You don't have to of course as the blocks do no harm; you'll just obviously continue to see those notifications unless you disable notifications completely (or if you configure Play Mode and are running one of the applications in full screen that you have added your list for apps to apply Play Mode to).

You can find more details about Web Protection in Malwarebytes in this support article, and you can find additional info on the Play Mode feature and how to configure it in this support article (it's very handy if you're a gamer or for when you're watching videos/movies/TV on your PC).

I hope this helps, and if there is anything else we might assist you with please let us know.

Thanks

[d4005]

52 minutes ago, exile360 said:

This is quite normal with applications like Vuze/Azureus because it is a peer-to-peer (P2P) application

~

some entire IP ranges/hosting providers are blocked by Malwarebytes for being malware-friendly

With that said ~ you can actually exclude your Bittorrent client from the Web Protection component in Malwarebytes

Thanks for that clarification. The popups don't bother me, I only use Vuze for about 10 minutes, two or three times a week. I definitely don't want to exclude Vuze from full protection. There's always a chance that some of the people I'm connected to have malware that tries to infect any machine it's detecting via Vuze. Also, I'm only downloading the occasional TV show, so no executables.

[Maurice Naggar]

Hello d4005.

Just to add some additional information about block event notices from the web protection module.

For Your Information:

The website  Block message indicates that a potential risk was blocked by the malicious website protection. 

The Malwarebytes web protection, by default, will always show each  block occurrence.

The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC.

 

See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true

 

Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.

On Outbound blocks, any attempted connection was stopped.

 

No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).

A browser is not required to be running, just an active Internet connection with processes running,

such as Instant messenger clients, SKYPE or Peer-to-peer software, to trigger these alerts.

[d4005]

15 minutes ago, Maurice Naggar said:

some additional information

😎😎😎