sabnzb opens malicous links in the Background

[Elendt]

a few times a day Avast shows a message that it just blocked an attempt from sabnzb to open an malicious Link to

Code: Select all

http://www.finanziellesinteresse.com/?A=4683&B=290&SubAffiliateID=23106216&sid=201408281703264fa2d3ad717ea927c9

. That happens regardless if their are a actual downloads in the Queue or it idles.
And yes i am sure it is sabnzb, after i uninstalled it, no more Messages. Right after the installing it again the Messages are back.
The newly installed program i download from here, so i'll guess it shouldn't be a compromised Version.

Any suggestions on that odd behavior?

[shypike]

It looks more like you have an infected system.
SABnzbd does not call any outside websites, except:
sourceforge.com to get the "latest version" file,
wikidot.com to get the Help pages,
indexers, if you setup an RSS feed

Try one of the (much) older versions.

Other than that, malicious links are malicious for web browsers.
SABnzbd doesn't need external links to do damage to your system, if it wanted to.

I don't want to brush off your concerns, but I would need to see more evidence.

[Elendt]

Well neither Avast nor Malwarebytes Anti-Malware found anything on my System, tryed that before i posted here.
So what kind of evidence you need. Like a screenshot from the Avast Popup?

Dont get me wrong, i dont blame anyone for damaging anything or trying too, i saw it, i was irritated, i posted it.

Screenshot of the Avast Popup with the Details on their Website


Link to the Avast Webpage about it:
http://tinyurl.com/q39na8r

[shypike]

I appreciate the report.
Would it be possible to create a debug log of this problem?
Go to the SABnzbd status page, set log level to debug.
Then do whatever it takes to get Avast to trigger.
After that download the log file from SABnzbd's status page and email it to [email protected]
Also, can you ZIP the full content of your c:\program files (x86)\SABnzbd folder (and subfolders)
and send that to some filesharing site?

Is there a specific action being done by SABnzbd when Avast triggers?
It could be that one of the indexing sites that you use has a malicious redirection to another site
and feeds that to SABnzbd.
It could be that the RSS feed contains malicious pointers.
Given the way SABnzbd processes RSS links, it's extremely unlikely that such links can hurt your system.
If it's not an NZB file, SABnzbd just ignores it.

[Elendt]

Well okay,after you asked for the Debug Log and mentioned the RSS Feeds, i found the pattern in it.
It wasn't a Sabnzb Problem.

I still subscribed to an RSS Feed from Kere.ws, thats triggering the URL Call.
Well it may not hurt, but looks like a nice way to make money with a link affiliation, and it seems the current Owner of kere.ws tryed that.

Many thanks for your help to point out where it comes from, i appreciate that.

[shypike]

No problem.
I'm glad you reported it and did a proper analysis.