Trend Micro: Are Trained Monkeys Adding Threat Classifications?

October 20th, 2009 by Paul Sterley | Filed under Antivirus Software, Trend Micro.

When I go to http://icanhascheezburger.com, which is a WordPress Blog showing cute cat pictures with (sometimes) funny captions, the page loads OK, but then I get this pop-up error a few seconds later.

trendwarningpopup

However, I did some research on js-kit.com, and found that it is a site that makes plug-ins for people to rate things in blog pages. There’s nothing sinister about it. I googled the heck out of it looking for anyone who was saying it was a malicious thing. I found none.
I went directly to the URL listed as being dangerous, and I got the following warning, again from Trend Micro:

trendwarningdetail

So I went to www.js-kit.com, without the “ratings.js” on the end, and I learned that it is a site written by people who create plug-ins for blog sites, so people can rate how cool they thought particular items were. Again, nothing sinister.

However, I also noticed that when the page loaded, the Internet Explorer icon next to the Address Bar showed an icon that looks a little bit like the Trend Micro icon. It’s blue, it’s circular, and it has some squiggles in it – but it’s NOT the same icon, and they are not pretending to be Trend. They’re not spoofing, but I can see why a moron might think so. Here is the comparison between the two:

Trend icon:
trendmicrotrayicon

JS-Kit icon:
js-kiticon

Maybe an idiot might think those were the same icon, but I don’t.

Further information about JS-Kit:
They build plug-ins for blogs. Their site tells how to embed the plug-ins. It’s really pretty straightforward. Here are the instructions:

js-kit-usage

…and here is a URL to their FAQ, telling all about what they do.
http://wiki.js-kit.com/FAQ+-+Navigator

I called Trend Micro support and asked about it. The tech did not have any idea why it was blocked, and when I showed him the JS-Kit icon, he actually made noises like he thought it was fishy, that it was a good reason for them to be blocked. I had to educate him about how the icons may be SIMILAR, but they are NOT the same.

I’ve submitted this information to Trend Micro. Hopefully they will see how dumb they are being and it will be removed from their block list.

In the meantime, I guess I’ll add it to my exclusion list.

Update: I just got this from Trend Micro Support (potentially sensitive info blocked out):

From: Trend Micro Technical Support
Sent: Wednesday, October 21, 2009 11:03 AM
To: Paul Sterley
Subject: [SR#-#-##########] [WFBS 6.0] Website Blocked

 

Hi Mr. Sterley,

 

Good Day!

 

The URL that you submitted has now been untagged on our detection list.

 

Please confirm.

 

It is beneficial for our records to be up to date, by simply REPLYING Back to this email. Please let me know if I was able to resolve your Concern(s) so I may formally close this case for you. A simple “Close this case” note would do.

 

Again, thank you for your time.

 

Sincerely yours,

Xxxxxxx Xxxxxxxx

Systems Engineer

NABU SMB Support, Trend Micro Inc.

Tags: ,

«
»

One Response to “Trend Micro: Are Trained Monkeys Adding Threat Classifications?”

  1. RSP | 21/01/10

    Are trained monkeys adding to threat classifications? No. The UNtrained monkeys are.

    I’ve been petitioning Trend to declassify http://www.allspammedup.com, an anti-spam information blog operated by GFI, for several months now without success.

    If they don’t buck up their ideas soon (I have numerous gripes about their WFBS product), they’ll lose 30+ customers to a competitor.

Share Your Thoughts