
Getting 'trojan' message when I open email (Operamail/Fastmail issue)


Go to solution Solved by JPopovic,


Hello!

Today I'm suddenly getting warnings every time I open a new email. I checked the IP in the warning and it said it appeared to be malicious. I see there have been previous issues with pages associated with Fastmail and I'm hoping this is just a mistake that can be easily cleared up. Can you help? 

Many thanks!

Chris

site blocked.jpg

site blocked 2.jpg

1 hour ago, Christinadina said:

Hello!

Today I'm suddenly getting warnings every time I open a new email. I checked the IP in the warning and it said it appeared to be malicious. I see there have been previous issues with pages associated with Fastmail and I'm hoping this is just a mistake that can be easily cleared up. Can you help? 

Many thanks!

Chris

site blocked.jpg

site blocked 2.jpg

 

I have the exact same issue that just started happening today -- same summary except the IP = 66.111.4.87 -- it is preventing me from opening simple jpg attachments from friends in Fast Mail... 


https://www.fastmail.com/about/bugbounty/

Quote

The domains user.fm and fastmailusercontent.com are used to host potentially unsafe user content. By keeping this content in completely separate domains, we avoid any security issues with our core fastmail.com domain. As such, any Cross-Site Scripting (XSS) attacks on these sites are not of interest to us. Please note that if you go to a user web site such as http://testuser.fastmail.com it immediately redirects to http://testuser.fastmail.com.user.fm and is thus in the user.fm security domain, not the fastmail.com domain.

 


And yet it worked fine until a few days ago. So unless Fastmail did something weird, I still blame Malwarebytes. Why? Because the "unsafe content" is fetched from domains that worked fine before. So nothing has changed in that respect. Unless suddenly several unrelated domains have, at the exact same time, begun hosting malicious content. Extremely unlikely.


Either way even with FP's better safe than sorry. I would rather have a FP than an infection any day. FP's are easy to fix, infections not so easy.

Edited by Porthos
3 minutes ago, Porthos said:

Either way even with FP's better safe than sorry. I would rather have a FP than an infection any day. FP's are easy to fix, infections not so easy.

They are not mutually exclusive.


This evening I too have suddenly had Malwarebytes block Operamail/Fastmail every time I open it. I tried on two different browsers, and each time, Malwarebytes claimed to block the site, though it's not clear that it really is blocked. I have used Operamail/Fastmail for many years and have never had a problem with it. Now, suddenly, I'm told there's some kind of trojan. I think this is probably a false positive. I have attached a screenshot of the blocking notice and also a screenshot of the detection history. I should also note that I do a daily scan with Malwarebytes and it comes up clean every day. I'm using Malwarebytes 4.3.0.98, Update version 1.0.39110.

 

MB_trojan.jpg

MB_detectionhistory.jpg

6 hours ago, JPopovic said:

Hello,

The block will be removed.

Removal should be reflected in next database update.

Thank you and please let us know if you need any additional help!

Seems to be still blocked.

33 minutes ago, XesMal said:

Did the "next database update" happen already?

It should have been within about 4 hours after the fix was announced.

Edited by Porthos
7 hours ago, JPopovic said:

The block will be removed.

Removal should be reflected in next database update.

Thank you for moving this post, and thanks for looking into the issue.

I typically have the option of 'showing images' in my email, but currently they're not showing, and I get the above error when I right-click to load images.

Will await the cleanup. Thanks again for reviewing!

2 hours ago, Porthos said:

It should have been within about 4 hours after the fix was announced.

They did not announce it was already fixed; they indicated: 

The block will be removed.

Removal should be reflected in next database update.

5 hours ago, XesMal said:

They did not announce it was already fixed; they indicated: 

 

5 hours ago, XesMal said:

Removal should be reflected in next database update.

That is what a fix means, and when I made the comment it was 6 hours after the post saying "next update".


Many thanks to the Malwarebytes staff and the users who called this false positive to their attention. One of the many things I love about Malwarebytes is the speed with which they investigate, report back, and when necessary issue an update to fix the problem.  👍

