https://live.paloaltonetworks.com/t5/general-topics/firefox-download-being-classified-as-trojan-downloader-win32/m-p/50967#M37507 <HTML><HEAD></HEAD><BODY><P>The Firefox 3.6.9 downloads from any of the mirros is being classified as Trojan-Downloader/Win32.banload.aumr, threat ID 2549505. Problem on Mozilla's end?</P><P></P><P>Here's the data from the PCAP:</P><P></P><PRE __default_attr="plain" __jive_macro_name="code" class="jive_text_macro jive_macro_code">fox/releases/3.6.9/win32/en-US/<BR /><BR />-Type: application/octet-stream<BR /><BR />MZ......................@...............................................!..L.!This program cannot be run in DOS mode.<BR /><BR /><BR />$........H...)u..)u..)u...~..)u.75{..)u......)u...q..)u..)t. )u.w&amp;(..)u...~..)u.s/s..)u.Rich.)u.........PE..L...fJ.D.....................p...p........... ....@.................................O.......................................\...p.... ..\l...........5..............................................................................................UPX0.....p..............................UPX1................................@....rsrc....p... ...n..................@..............................................................................................................................................................................................................................................................................................................................................................................................................2.03.UPX!<BR />..<BR />.....e2.............&amp;.......V...N.....13..Fx.Nt.H.........@.......AA..Fh.....^......41V3..F`.".FT.Xo..-\.P.,&amp;.$.j....mSZN.P.J.Bj....o<BR />$^..k.. ..|/..A.,0.4.p8.P(m..-L.@.DH.&lt;....T.."${.<BR />....xS..VW.....M.....E.lS.E.3.P.}..w.......@..u.#..E..'.G..w..ut}..F0;....E.}.j....fk....Yt..`..\....3.....m..u.t...VV.].+.....,.E........<BR />.O...d.a..M.I.M.....L.E....e.V..y...<BR />.S.P.Q..w..M.=..7V+w....e..P....X.m..1.;.........E.E.?....;;..Vh..1..........as.i..<BR />P....;.W......Pt<BR /></PRE></BODY></HTML> Wed, 15 Sep 2010 15:09:01 GMT mharding 2010-09-15T15:09:01Z https://live.paloaltonetworks.com/t5/general-topics/firefox-download-being-classified-as-trojan-downloader-win32/m-p/50967#M37507 <HTML><HEAD></HEAD><BODY><P>The Firefox 3.6.9 downloads from any of the mirros is being classified as Trojan-Downloader/Win32.banload.aumr, threat ID 2549505. Problem on Mozilla's end?</P><P></P><P>Here's the data from the PCAP:</P><P></P><PRE __default_attr="plain" __jive_macro_name="code" class="jive_text_macro jive_macro_code">fox/releases/3.6.9/win32/en-US/<BR /><BR />-Type: application/octet-stream<BR /><BR />MZ......................@...............................................!..L.!This program cannot be run in DOS mode.<BR /><BR /><BR />$........H...)u..)u..)u...~..)u.75{..)u......)u...q..)u..)t. )u.w&amp;(..)u...~..)u.s/s..)u.Rich.)u.........PE..L...fJ.D.....................p...p........... ....@.................................O.......................................\...p.... ..\l...........5..............................................................................................UPX0.....p..............................UPX1................................@....rsrc....p... ...n..................@..............................................................................................................................................................................................................................................................................................................................................................................................................2.03.UPX!<BR />..<BR />.....e2.............&amp;.......V...N.....13..Fx.Nt.H.........@.......AA..Fh.....^......41V3..F`.".FT.Xo..-\.P.,&amp;.$.j....mSZN.P.J.Bj....o<BR />$^..k.. ..|/..A.,0.4.p8.P(m..-L.@.DH.&lt;....T.."${.<BR />....xS..VW.....M.....E.lS.E.3.P.}..w.......@..u.#..E..'.G..w..ut}..F0;....E.}.j....fk....Yt..`..\....3.....m..u.t...VV.].+.....,.E........<BR />.O...d.a..M.I.M.....L.E....e.V..y...<BR />.S.P.Q..w..M.=..7V+w....e..P....X.m..1.;.........E.E.?....;;..Vh..1..........as.i..<BR />P....;.W......Pt<BR /></PRE></BODY></HTML> Wed, 15 Sep 2010 15:09:01 GMT https://live.paloaltonetworks.com/t5/general-topics/firefox-download-being-classified-as-trojan-downloader-win32/m-p/50967#M37507 mharding 2010-09-15T15:09:01Z https://live.paloaltonetworks.com/t5/general-topics/firefox-download-being-classified-as-trojan-downloader-win32/m-p/50968#M37508 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>thanks for the heads up. This is actually good information. Can you send in an email to <A href="mailto:support@paloaltonetworks.com">support@paloaltonetworks.com</A> with this same information. This can then be forwarded to our content team and we can fix this in about 1 week.</P><P>Can you include the following in your email:</P><P></P><P></P><P>serial number of your device</P><P>software version</P><P>content version</P><P>virus version if applicable</P><P>the pcap</P><P>the threat id</P><P>the name of the threat</P><P></P><P></P><P>thanks again,</P><P>Stephen</P></BODY></HTML> Wed, 15 Sep 2010 22:21:37 GMT https://live.paloaltonetworks.com/t5/general-topics/firefox-download-being-classified-as-trojan-downloader-win32/m-p/50968#M37508 swhyte 2010-09-15T22:21:37Z https://live.paloaltonetworks.com/t5/general-topics/firefox-download-being-classified-as-trojan-downloader-win32/m-p/50969#M37509 <HTML><HEAD></HEAD><BODY><P>Just sent it. Thank you very much!</P></BODY></HTML> Thu, 16 Sep 2010 13:20:57 GMT https://live.paloaltonetworks.com/t5/general-topics/firefox-download-being-classified-as-trojan-downloader-win32/m-p/50969#M37509 mharding 2010-09-16T13:20:57Z