{"id":2354,"date":"2014-10-24T18:46:55","date_gmt":"2014-10-24T18:46:55","guid":{"rendered":"http:\/\/www.freefixer.com\/b\/?p=2354"},"modified":"2018-05-29T12:01:56","modified_gmt":"2018-05-29T12:01:56","slug":"safe-down-virustotal-report","status":"publish","type":"post","link":"https:\/\/www.freefixer.com\/b\/safe-down-virustotal-report\/","title":{"rendered":"Safe Down &#8211; 22% Detection Rate &#8211; Detected as IBryte and"},"content":{"rendered":"<p>Welcome! Just a short post on a publisher called <strong>Safe Down<\/strong>. I just found a download named Java_Setup.exe that was digitally by this publisher, and it turns out that it is detected by some anti-virus programs.<\/p>\n<p>What caught my attention was that the download was called Java_Setup.exe. This might look like an official Java download, but it is not. If it was an official download, it should be digitally signed by Oracle INC.<\/p>\n<p>22% of the scanners detected the file. ESET-NOD32 reports Java_Setup.exe as <strong>a variant of Win32\/AdWare.iBryte.BM<\/strong>, Fortinet detects it as <strong>W32\/Zbot.AAN!tr<\/strong>, Kaspersky calls it <strong>Trojan.Win32.Badur.joje<\/strong>, McAfee reports <strong>IBryte-FRK<\/strong> and VIPRE names it <strong>Optimum Installer (fs)<\/strong>.<\/p>\n<p><a href=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/10\/safe-down-virustotal.png\"><img loading=\"lazy\" class=\"alignnone size-full wp-image-2355\" src=\"http:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/10\/safe-down-virustotal.png\" alt=\"safe down virustotal\" width=\"738\" height=\"586\" srcset=\"https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/10\/safe-down-virustotal.png 738w, https:\/\/www.freefixer.com\/b\/wp-content\/uploads\/2014\/10\/safe-down-virustotal-300x238.png 300w\" sizes=\"(max-width: 738px) 100vw, 738px\" \/><\/a><\/p>\n<p>Did you also find a Safe Down file?<\/p>\n<p>Thank you for reading.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome! Just a short post on a publisher called Safe Down. I just found a download named Java_Setup.exe that was digitally by this publisher, and it turns out that it is detected by some anti-virus programs. What caught my attention was that the download was called Java_Setup.exe. This might look like an official Java download, &hellip; <a href=\"https:\/\/www.freefixer.com\/b\/safe-down-virustotal-report\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Safe Down &#8211; 22% Detection Rate &#8211; Detected as IBryte and<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[54],"tags":[184,199],"_links":{"self":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/2354"}],"collection":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/comments?post=2354"}],"version-history":[{"count":1,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/2354\/revisions"}],"predecessor-version":[{"id":2356,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/posts\/2354\/revisions\/2356"}],"wp:attachment":[{"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/media?parent=2354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/categories?post=2354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.freefixer.com\/b\/wp-json\/wp\/v2\/tags?post=2354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}