McAfee sued for web warnings

2008-09-01

Helen Martin

Virus Bulletin, UK
Editor: Helen Martin

Abstract

Disgruntled website owners call SiteAdvisor labelling into question.

Copyright © 2008 Virus Bulletin

McAfee is being sued over its popular SiteAdvisor system, which rates web domains for security and privacy risks and is implemented in search results produced by Yahoo!. The security firm is being sued by a website its SiteAdvisor has labelled with the ‘red-for-danger’ mark.

The people behind 7search.com claim their site is clean and have taken their grievances to a court in Illinois, demanding damages and enforced retraction of the alleged slur. However, wording on the SiteAdvisor page makes it clear that the label is based on user reports, and makes no direct accusations against the site. Numerous reporters have pointed out links between 7search and previous, highly dubious ventures, including toolbars which claimed to speed up browsing but also gathered information on surfing habits. The current 7search offering has been accused of hiding sponsored links amongst genuine search results.

Some commentators have argued that the case threatens the ability of security firms to properly protect their customers, while others think little of the suit’s chances. Like most security products, SiteAdvisor has its share of false positive incidents, and VB has heard from several firms who have felt their own businesses threatened after red warning links from SiteAdvisor significantly reduced traffic to their websites.

One website owner, Julian Moss of Tech-Pro.Net, spent over a week watching his traffic dry up after a file linked to from his site (a product produced by PC Tools, recently acquired by McAfee’s arch-rival Symantec) produced a false alarm. He made little progress with the SiteAdvisor complaints procedure: ‘Only a strong threat of legal action appeared to spur McAfee into action to investigate our complaint, confirm the file was harmless and remove our site from the blacklist,’ he said. ‘Even then, it was several more weeks before sites that received a red alert because they linked to ours were cleared.’

It will be interesting to see whether in this latest case, with what looks like a little more justification on its side, McAfee will stand up to the legal challenge.

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest articles:

Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

Aditya Sood & Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited to compromise the C&C panel in order to gather threat intelligence, and present a model of mobile AppInjects.

Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to infiltrate organizations’ dedicated environments and transform them into attack launchpads. In this article Aditya Sood presents a new module introduced by…

Collector-stealer: a Russian origin credential and information extractor

Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In this article, researchers Aditya K Sood and Rohit Chaturvedi present a 360…

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.