
What?! I mean, what logic is this and why


wolfhowler


If the user isn’t staff they shouldn’t have allowed it, and staff should really test that on a test system not on the live system.

I have scribbled over the profile picture and a link in the request but it didn’t look like Fiverr. The link was to an outside unknown website


The virus check on attachments in BR seems like a new thing (I’ve not seen that “We detected potentially unsafe files in the attachments” message before today, I think). I’m seeing it on one that has a .mp4 file only. I don’t know if it’s accurate.

Staff are supposed to check the buyer requests before they go live but that doesn’t seem to have been checked (or not properly if at all).

It’s another reason we need a report option on the buyer requests page.

Also if their checker thinks it’s unsafe I don’t know why they still show the buyer request.


The virus check on attachments in BR seems like a new thing (I’ve not seen that “We detected potentially unsafe files in the attachments” message before today, I think). I’m seeing it on one that has a .mp4 file only. I don’t know if it’s accurate.

Staff are supposed to check the buyer requests before they go live but that doesn’t seem to have been checked (or not properly if at all).

It’s another reason we need a report option on the buyer requests page.

Also if their checker thinks it’s unsafe I don’t know why they still show the buyer request.

I agree with all of this. No idea why it’s displayed with a potentially unsafe attachment. It should be taken down until a manual review takes place. That would certainly seem logical.


Now I’m full of questions too! That’s so weird and not logical in so many ways…

So, are you still able to download that attachment even if it says “We detected…”

It doesn’t make any sense why Fiverr would leave a request up if it contained “potentially unsafe” files.


Now I’m full of questions too! That’s so weird and not logical in so many ways…

So, are you still able to download that attachment even if it says “We detected…”

So, are you still able to download that attachment even if it says “We detected…”

I guess you are able to download it…

It’s like: “Yeah we detected it but here you go have fun with it”. And what’s all about that “Antivirus test Antivirus test…”


So, are you still able to download that attachment even if it says “We detected…”

I guess you are able to download it…

It’s like: “Yeah we detected it but here you go have fun with it”. And what’s all about that “Antivirus test Antivirus test…”

Looks like a potentially malicious user attempting to learn what does and does not trigger Fiverr’s systems.


Looks like a potentially malicious user attempting to learn what does and does not trigger Fiverr’s systems.

attempting to learn what does and does not trigger Fiverr’s systems.

Yeah… Thinking about that, it is even more scary. Fiverr is taking weeks, months to fix search issues, analytics issues just to discover even more issues.

How much would it take to secure their users from these people?


To be honest, I don’t see what the big deal is here. We just had a thread warning about malware being distributed via buyer requests. Now, it seems like Fiverr has taken notice and is looking at ways to remedy this problem.

A real hacker or cyber-criminal isn’t going to say “this is an anti-virus test” repeatedly when trying to distribute malware. Immediately, this looked to be like Fiverr running a test using a dummy account.

At some point, people have to take accountability for their own actions. To bid on a request that says nothing more than “this is an anti-virus test” or download a file from the same request that is flagged as suspicious just doesn’t make sense.


To be honest, I don’t see what the big deal is here. We just had a thread warning about malware being distributed via buyer requests. Now, it seems like Fiverr has taken notice and is looking at ways to remedy this problem.

A real hacker or cyber-criminal isn’t going to say “this is an anti-virus test” repeatedly when trying to distribute malware. Immediately, this looked to be like Fiverr running a test using a dummy account.

At some point, people have to take accountability for their own actions. To bid on a request that says nothing more than “this is an anti-virus test” or download a file from the same request that is flagged as suspicious just doesn’t make sense.

Immediately, this looked to be like Fiverr running a test using a dummy account.

It didn’t look like a test, due to the profile image used and the link attached to that buyer request. Also it was stated in this thread before, anything like threat testing would “normally” not be done on a live system but an isolated system not accessible by users.


To be honest, I don’t see what the big deal is here. We just had a thread warning about malware being distributed via buyer requests. Now, it seems like Fiverr has taken notice and is looking at ways to remedy this problem.

A real hacker or cyber-criminal isn’t going to say “this is an anti-virus test” repeatedly when trying to distribute malware. Immediately, this looked to be like Fiverr running a test using a dummy account.

At some point, people have to take accountability for their own actions. To bid on a request that says nothing more than “this is an anti-virus test” or download a file from the same request that is flagged as suspicious just doesn’t make sense.

I think you’re wrong here. I updated my ticket and added this case.

This is the reply:

Wow!! Would you mind sharing a username so we can look into this?

I don’t think that this sounds like they are aware of this and that it’s their test. Of course, I might be wrong.


Immediately, this looked to be like Fiverr running a test using a dummy account.

It didn’t look like a test, due to the profile image used and the link attached to that buyer request. Also it was stated in this thread before, anything like threat testing would “normally” not be done on a live system but an isolated system not accessible by users.

anything like threat testing would “normally” not be done on a live system

Not true. Let’s look at the facts: if someone is trying to distribute malware on BR, they are likely checking BR regularly to see how to create a buyer request that gets tons of clicks.

Right now, Fiverr could be turning the attacker’s social engineering attack vector back on them. After all, what is an attacker going to think if they see this?

I would guess that they will think, "Fantastic! Let’s see what this file is so that we can see what gets through their virus checking system."

The file is likely harmless, but Fiverr will see the username, IP address, and ISP of everyone who downloads it. That helps them identify who is trying to undermine Fiverr’s security.

In some respects, Fiverr can be very smart at times. However, this isn’t an innovative cyber defense strategy. Deploying decoys like this is pretty routine. That said, in case I am right, a Mod like @wp_kid might want to remove this thread so that I don’t give the game away.


anything like threat testing would “normally” not be done on a live system

Not true. Let’s look at the facts: if someone is trying to distribute malware on BR, they are likely checking BR regularly to see how to create a buyer request that gets tons of clicks.

Right now, Fiverr could be turning the attacker’s social engineering attack vector back on them. After all, what is an attacker going to think if they see this?

I would guess that they will think, "Fantastic! Let’s see what this file is so that we can see what gets through their virus checking system."

The file is likely harmless, but Fiverr will see the username, IP address, and ISP of everyone who downloads it. That helps them identify who is trying to undermine Fiverr’s security.

In some respects, Fiverr can be very smart at times. However, this isn’t an innovative cyber defense strategy. Deploying decoys like this is pretty routine. That said, in case I am right, a Mod like @wp_kid might want to remove this thread so that I don’t give the game away.

What about their reply on my support ticket?


It doesn’t change anything. Fiverr isn’t exactly going to tell you what their IT department is up to.

I’ve got a final answer on this potential issue seen by @wolfhowler in my support ticket.

We are aware of this issue and this is being taken care of via our support team. You are more than welcome to continue reporting this via our Forum page and through us!


anything like threat testing would “normally” not be done on a live system

Not true. Let’s look at the facts: if someone is trying to distribute malware on BR, they are likely checking BR regularly to see how to create a buyer request that gets tons of clicks.

Right now, Fiverr could be turning the attacker’s social engineering attack vector back on them. After all, what is an attacker going to think if they see this?

I would guess that they will think, "Fantastic! Let’s see what this file is so that we can see what gets through their virus checking system."

The file is likely harmless, but Fiverr will see the username, IP address, and ISP of everyone who downloads it. That helps them identify who is trying to undermine Fiverr’s security.

In some respects, Fiverr can be very smart at times. However, this isn’t an innovative cyber defense strategy. Deploying decoys like this is pretty routine. That said, in case I am right, a Mod like @wp_kid might want to remove this thread so that I don’t give the game away.

You are assuming the attacker was intelligent and organised in some way. There are many people out there that would try that not knowing how stupid they are being doing it.


You are assuming the attacker was intelligent and organised in some way. There are many people out there that would try that not knowing how stupid they are being doing it.

You are assuming the attacker was intelligent and organised in some way.

I’m really not. I’m assuming, like Fiverr probably is, that the attacker is an idiot. Most sellers who use buyer requests are not exactly making megabucks. It makes no sense to try and offload malware to them to try and steal data that could eventually lead to a $5 payday.

The person or group trying to distribute malware is clearly missing a few cognitive nuts and bolts. My guess, though, is that Fiverr is taking the threat seriously, in case whoever the attacker is grows a new neuron and decides to start sending malware via direct messages to sellers.

As it is, most wannabe cyber troublemakers who target Fiverr are idiots. In my brief stint as a MOD in 2016, I was able to provide Fiverr with the IP address and email of someone who was deluging the forum with spam at the time. That freaked CS out a bit, but I was able to get all the information in question just by running some of the attackers’ faux Fiverr account names through Shodan.

All that said, I could be wrong.


You are assuming the attacker was intelligent and organised in some way.

I’m really not. I’m assuming, like Fiverr probably is, that the attacker is an idiot. Most sellers who use buyer requests are not exactly making megabucks. It makes no sense to try and offload malware to them to try and steal data that could eventually lead to a $5 payday.

The person or group trying to distribute malware is clearly missing a few cognitive nuts and bolts. My guess, though, is that Fiverr is taking the threat seriously, in case whoever the attacker is grows a new neuron and decides to start sending malware via direct messages to sellers.

As it is, most wannabe cyber troublemakers who target Fiverr are idiots. In my brief stint as a MOD in 2016, I was able to provide Fiverr with the IP address and email of someone who was deluging the forum with spam at the time. That freaked CS out a bit, but I was able to get all the information in question just by running some of the attackers’ faux Fiverr account names through Shodan.

All that said, I could be wrong.

On the request I saw and screenshotted there was no file to download, that had been removed and the message you see is there instead.


Archived

This topic is now archived and is closed to further replies.
