Firefox Download being classified as Trojan-Downloader/Win32.banload.aumr.


The Firefox 3.6.9 download from any of the mirrors is being classified as Trojan-Downloader/Win32.banload.aumr, threat ID 2549505. Problem on Mozilla's end?

Here's the data from the PCAP:

fox/releases/3.6.9/win32/en-US/

-Type: application/octet-stream


Hello,

Thanks for the heads up. This is actually good information. Can you send in an email to support@paloaltonetworks.com with this same information? This can then be forwarded to our content team and we can fix this in about 1 week.

Can you include the following in your email:

serial number of your device

software version

content version

virus version if applicable

the pcap

the threat id

the name of the threat

Thanks again,

Stephen


Just sent it. Thank you very much!
