It is not necessary for a previously good site to have been hacked to serve up badness, though that's possible.
One other way is that a site might unknowingly sell advertising to someone operating under a false flag - that is, pretending to be a legitimate company, but in actuality being a nasty hacker, and the ad that's put up can be almost anything... Kurt On Fri, May 14, 2010 at 08:28, John Aldrich <[email protected]> wrote: > > Our ISP has a RedCondor appliance that they run our email through. Guess I > ought to advise them that we’re getting bad URLs through the filter. Also, > I’m getting more notifications of bad scripts blocked on “previously good” > sites. Would that mean that the site was likely hacked and a bad applet > inserted or something? > > > > > > From: Jeff Cain [mailto:[email protected]] > Sent: Friday, May 14, 2010 11:26 AM > To: NT System Admin Issues > Subject: RE: "A known bad URL was replaced" > > > > If VIPRE removed a URL from an email that means it was in our “bad” list from > Threat Track. VIPRE was most likely not over-reacting. Which spam filter do > you use? > > > > Thanks, > Jeff Cain > > Technical Support Analyst > Sunbelt Software > Email: [email protected] > Voice: 1-877-673-1153 > Fax: 1-727-562-5199 > Web: <http://www.sunbeltsoftware.com> > Physical Address: > 33 N Garden Ave > Suite 1200 > Clearwater, FL 33755 > United States > > -------------------------------------------------------- > If you do not want further email from us, please forward > this message to [email protected] with > the word 'unsubscribe' in the subject of your email. > -------------------------------------------------------- > > Helpful Sunbelt Software Links: > > > > Knowledge Base > > Open a New Support Ticket > > Sunbelt Software Product Support Communities > > > > From: John Aldrich [mailto:[email protected]] > Sent: Friday, May 14, 2010 10:45 AM > To: NT System Admin Issues > Subject: "A known bad URL was replaced" > > > > I keep getting notices from Vipre that one or another machine has cleaned an > email of a known bad URL, but it never really gives me any more info. Should > I be worried that this stuff is getting past our spam/virus filters? Also, is > this *really* cleaning a bad URL or is Vipre overreacting? > > > > > > > > > > ... > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
