Avatar is a Security Flaw?

Started by Saiseiki, September 17, 2020, 05:55:28 PM

September 17, 2020, 05:55:28 PM Last Edit: September 17, 2020, 05:57:50 PM by Saiseiki
From a PM from another player.  Has anyone else experienced this, and, if so, would someone more tech-savvy than myself please confirm this is what it sounds like?

Out of an abundance of caution, as soon as I post this, I'm dropping the avatar picture.  The last thing I want to be doing is spreading malware. =(

URL info:  http://u.cubeupload.com/Saiseiki/46488226102161070905.jpg


"Hey, I already submitted this as a security flaw on the forum.  Your logo is popping up as a virus/malware.

It's not just you for sure, there are literally hundreds of folks on this board using the u.cubeupload thing.  But ever single one of you dings malware/virus filter.  So you might be inadvertently screwing up people's pcs.

details to follow:
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/17/20
Protection Event Time: 12:18 PM
Log File: 6916ce0c-f901-11ea-a2c4-309c2324c356.json

-Software Information-
Version: 4.2.0.82
Components Version: 1.0.1036
Update Package Version: 1.0.29981
License: Premium

-System Information-
OS: Windows 10 (Build 19041.508)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain: u.cubeupload.com
IP Address: 172.67.73.233
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)"
Labor omnia vincit - "(Hard) work conquers all."

With alot of image/file hosting sites, some people can/will use trojans in their images that usually end up flagging antivirus website protection services by association even if there isn't one on that particular image. If cubeupload is experiencing an uptick of trojans and it's kinda inevitable. I recommend switching to something like imgur(which might result in some image compression depending on how big your image is) or some alternative image/file hosting site like sharex, catbox.moe... etc.

Quote from: betweenford on September 18, 2020, 02:06:14 AM
With alot of image/file hosting sites, some people can/will use trojans in their images that usually end up flagging antivirus website protection services by association even if there isn't one on that particular image. If cubeupload is experiencing an uptick of trojans and it's kinda inevitable. I recommend switching to something like imgur(which might result in some image compression depending on how big your image is) or some alternative image/file hosting site like sharex, catbox.moe... etc.

Explanation and course of action much appreciated. =)
Labor omnia vincit - "(Hard) work conquers all."

September 18, 2020, 06:58:03 AM #3 Last Edit: September 18, 2020, 07:02:37 AM by Kyviantre
From what I read, it is other people's over-active malware, nothing to do with cubeupload.  So whether you have problems will depend on whether your malware software (mine, for example, is fine).  Namely, the one that seems to have a problem is Malwarebytes...although my googling seems to be pulling up things a couple of years ago - Malwarebytes takes umbrage with the 'u.cubeupload' part, which is what people use for avatars.

I also read that it might be something to do with http vs https, and there was even one suggestion that it is malware attacking chrome (that is on the user end that says they are having problems) that causes it...but that last bit seems a smidge suspect!

Problem of some muppets uploading malware in images, and then getting an entire hosting site onto an anti-malware's blacklist.  Frustrating.

So...nothing new, nothing dangerous, no need to panic.  Just over-zealous malware software due to some dinks elsewhere on the internet.
Previous of note: Kaevya the blind Tor Scorpion, Kaloraynai 'Raynai' the beetle Ruk, Korenyire of SLK, Koal 'Kick' the hooved Whiran, Kocadici/Dici/Glimmer, Koefaxine the giant Oashi 'Aide', Kosmia 'Grit' the rinthi
Current: Like I'd tell you.

Thanks for the breakdown, K.  Miss ya!   :D
Labor omnia vincit - "(Hard) work conquers all."

As the guy who found this with malwarebytes.  My only word of caution would be if the site is blacklisted by a legit malware fighting software.  I would look for a different site to host my image.

It's like saying, I'll still goto that neighborhood because there is good people, when there is reports of violent crime everyday?  I'd rather just meet those people in a better neighborhood.

But again, I was just letting folks know.
"This is a game that has elves and magick, stop trying to make it realistic, you can't have them both in the same place."

"We have over 100 Unique Logins a week!" Checks who at 8pm EST, finds 20 other players but himself.  "Thanks Unique Logins!"