Security Warning

2011-12-01 09:00 (NZ)

It has come to my attention that an anti-virus program "VirusBarrier" has blacklisted the 3rd party getfavicon.appspot.com website. USB uses this website's API to safely retrieve favicons for destination links.
 
Whilst I'm 99.9% certain that this will not be a security risk, it's
better to be sure until I know more. So for now I'm urging all users to
immediately uncheck "Fetch favicons for destinations URLs" in the Ultimate Status Bar preferences.
 
VirusBarrier has responded and said that it's a false positive; please read their email below.
 
 
At the moment USB uses the getfavicon.appspot.com service to fetch
favicons for sites so we can show them in the statusbar. We basically
try to load an image from the site via its favicon API and that is all,
so there _shouldn't_ be any risk involved (either an image loads, or it
doesn't, no code is run from the site).
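
The "either an image loads, or it doesn't" property can also be enforced on the client before anything is displayed. The following is an added example, not code from Ultimate Status Bar or the favicon service; the function names, the size cap and the sample bytes are assumptions made for illustration. It accepts a response only if it is declared as an image and its leading bytes match a raster image format.

```javascript
// Added example: allow-list check for bytes returned by a third-party favicon service.
// Magic numbers of raster formats commonly used for favicons.
const SIGNATURES = [
  { type: "png",  magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { type: "gif",  magic: [0x47, 0x49, 0x46, 0x38] },   // "GIF8"
  { type: "jpeg", magic: [0xff, 0xd8, 0xff] },
  { type: "ico",  magic: [0x00, 0x00, 0x01, 0x00] },   // ICONDIR header, type 1 (icon)
];

const MAX_FAVICON_BYTES = 256 * 1024; // assumed upper bound for a favicon

// Return the raster format the bytes start with, or null if none matches.
function sniffImageType(bytes) {
  for (const { type, magic } of SIGNATURES) {
    if (bytes.length >= magic.length && magic.every((b, i) => bytes[i] === b)) {
      return type;
    }
  }
  return null;
}

// Decide whether a response (Content-Type header value plus body bytes) may be shown.
function checkFavicon(contentType, bytes) {
  if (bytes.length === 0 || bytes.length > MAX_FAVICON_BYTES) {
    return { ok: false, reason: "size" };
  }
  const declared = String(contentType || "").split(";")[0].trim().toLowerCase();
  if (!declared.startsWith("image/")) {
    return { ok: false, reason: "content-type" };
  }
  // The header alone is not trusted: a compromised service could label HTML as an image.
  // SVG is markup, not a raster format, so it is rejected here as well.
  const type = sniffImageType(bytes);
  if (type === null) {
    return { ok: false, reason: "not-a-raster-image" };
  }
  return { ok: true, type };
}

// Constructed sample bodies (not captured from any real service).
const enc = new TextEncoder();
const SAMPLE_PNG = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
const SAMPLE_HTML = enc.encode("<html><script>/* injected */</script></html>");
const SAMPLE_SVG = enc.encode('<svg xmlns="http://www.w3.org/2000/svg"></svg>');
```

A rejected response is simply not rendered, so the status bar falls back to showing no icon.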
 
What I suspect has happened here is that the
http://getfavicon.appspot.com site has been hacked by a bot, and various
malicious scripts have been embedded in the site's HTML. This would show
up warnings and may get the site added to a blacklist until the
malicious scripts have been removed. USB _shouldn't_ be loading any of
these pages and as such shouldn't be affected. The blacklist is then
propagated to various Anti-Virus programs (including VirusBarrier by the
looks of things) and it's that warning that is now showing up when you open Safari.
 
I'll be following this up ASAP, and posting information here when I get it. If all
else fails I'll have to build my own favicon service :(
 
Thanks for your patience in this matter.
 

2011-12-01 10:40

After extensive googling I can't find out any information on this at all. I've sent an email off to VirusBarrier requesting the security advisory, but at this point it's looking more and more like a false positive in their phishing checker (here's hoping that that is indeed the case).


2011-12-01 12:35

Response from VirusBarrier:

 

Hello Intego Customer,
 
Thank you for contacting Intego Support.  We have identified that the Anti-phishing alerts you have been receiving were false positives.  We have released a new set of Virus Definitions that should correct the issue.  Please restart your computer, open NetUpdate from your Applications Folder, and install the new Virus Definitions.  This should resolve the issue.  We appreciate your patience in this matter, and please let us know if the issue persists.
 
 
Kind Regards,
 
John 
Intego Sales & Support Team
 
So it's a false positive, phew! Just run an update and restart and you should be sorted.
Many thanks to Steven for bringing this to my attention.