Odd Behavoir Of Safepay For Infected Websites

Almost similar issue in SafePay also reported here


[escalated] Toolbar Can Be By-passed


plus one thing more since the translated version is not blocked and therefore opened successfully, there is an option by google tranlator on the website to show "Original" and "Translation". When I select the "Show Original" for the infected translated version, SafePay then fails to block it and in this way the infected website can be opened in the non-translated form (original) as well which was blocked by Safepay directly.

Comments

  • Almost similar issue in SafePay also reported here


    [escalated] Toolbar Can Be By-passed


    plus one thing more since the translated version is not blocked and therefore opened successfully, there is an option by google tranlator on the website to show "Original" and "Translation". When I select the "Show Original" for the infected translated version, SafePay then fails to block it and in this way the infected website can be opened in the non-translated form (original) as well which was blocked by Safepay directly.


    We will run tests regarding this - but I suppose is not directly under Safepay's control :(


    I will post here the results as soon as we understand what happens.


    Thanks for signaling this issue.


    Cristian

  • Hello,


    This behavior appears because the blocking method for this site is based on URL Blocker. When the user tries to access a translated page, the domain of the requested URL is google.com (in this case the infected url or the domain will not match the url of this type of request).


    We are looking into that and our team responsible for url blocking is working on o method so all the translated versions of an infected website could be detected.


    Thank you for your patience!


    Andrei Burdun


    QA Analyst

  • Hello,


    This behavior appears because the blocking method for this site is based on URL Blocker. When the user tries to access a translated page, the domain of the requested URL is google.com (in this case the infected url or the domain will not match the url of this type of request).


    We are looking into that and our team responsible for url blocking is working on o method so all the translated versions of an infected website could be detected.


    Thank you for your patience!


    Andrei Burdun


    QA Analyst


    Actually you mixed up the things in your product, all the protection features related to Web e.g URL Scanning, http scanning in Antivirus Module, SSL scanning, Anti-fraud, Anti-phishing etc should be under the separate Web Antivirus Module and not distributed in the Antivirus or Privacy Module. And by the way there are two points to be considered here as far as I know one is the malicious URL (translated or original) and possible injection of viruses in to the system. It seems that the infections from the translated versions are also excluded or whitelisted in some way.

  • Actually you mixed up the things in your product, all the protection features related to Web e.g URL Scanning, http scanning in Antivirus Module, SSL scanning, Anti-fraud, Anti-phishing etc should be under the separate Web Antivirus Module and not distributed in the Antivirus or Privacy Module. And by the way there are two points to be considered here as far as I know one is the malicious URL (translated or original) and possible injection of viruses in to the system. It seems that the infections from the translated versions are also excluded or whitelisted in some way.


    Thank you for your feedback! We appreciate it.


    Kind regards,


    Andrei Burdun

  • Thank you for your feedback! We appreciate it.


    Kind regards,


    Andrei Burdun


    Any progress regarding the subject issue after appreciation?

  • Hello,


    This is not strictly related to Safepay. Please follow your other topic under Privacy. My colleagues will update it once there is an ETA for the implementation.


    Best regards!


    Andrei