Difference between revisions of "WAF 360009"
(Created page with ''''Rule ID''' 360009 '''Alert Message''' Atomicorp.com Malware Blacklist: Malware domain detected in webserver output - this is a CRITICAL security issue. This means your…')
Revision as of 18:39, 4 May 2010
Atomicorp.com Malware Blacklist: Malware domain detected in webserver output - this is a CRITICAL security issue. This means your system may be serving up malware.
This rules detects that your system is displaying a URL with a known malware site. This can happen if your system is in fact serving up malware, or if you have some kind of trusted application that is displaying known malware sites (but is not in fact serving up malware).
Serving up malware can comprise your users systems and can (and probably will) get your domain added to other malware blacklists, such as the google blacklist. If this alert is occuring on your system your site may have been compromised. This is a critical alert and should be investigated before disabling this rule. ASL is protecting your users from possible compromise by your site.
A false positive can occur if the domain is not actually serving up malware (the domain may have been infected and no longer is) or if the webpage is simply displaying the URL but is not serving up malware. If you believe this is a false positive, it is recommended that you report this to our security team to determine if this is a legitimate case, or if its clever attack on your system.
If you do disable this rule, we recommend you enable the [ASL real time redactor] which can safely remove some malicious iframes and javascri[t code from your web pages without blocking access to the web page.
We do not recommend you not disable this rule without the [ASL real time redactor] enabled until our security team has reviewed the attack. Instructions to report false positives are detailed on the Reporting False Positives wiki page.