Hello,
When the PSB portal sends an infection alert email message to an administrator, it can include some malicious content.
I have seen a case where PSB Workstation has blocked an exploit kit (excellent), but the portal has then emailed the malicious URL to the PSB Admin in an infection alert, where it has been clicked again.
Sending malicious URLs in an email alert is clearly dangerous, and there are a couple of easy ways to remove/reduce the danger (I've seen both used by other security products):
1. Obfuscate the malicious URL so it cannot be easily/accidentally clicked (e.g. http://malicious.com could be hxxp://malicious.com so it will not load in a browser until the admin manually modifies the URL)
2. Direct the alert recipient to the portal if they require further details
In the infection reports tab in the portal, the malicious URLs are not rendered as hyperlinks so an administrator has to consciously copy/paste the URL to visit the page.
In the email alert, the malicious URL is a hyperlink which is dangerous as inexperienced administrators may click these URLs either deliberately or accidentally.
If F-Secure agree that emailing malicious hyperlinks to customers is dangerous, could either of the above changes be implemented?
Thanks,
Nick
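
The two suggestions in the post above, sketched as an added example (not part of the original post and not F-Secure's code): defang every URL in the alert text and send it as plain text with a pointer to the portal. Bracketing the dots in the host goes beyond the `hxxp` rewrite the post describes; it is a common companion convention because some mail clients auto-link bare domains. The function names, addresses and sample alert text are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Matches http/https URLs in free text (case-insensitive scheme).
URL_RE = re.compile(r"\b(https?)://([^\s<>\"']+)", re.IGNORECASE)


def _defang(match):
    scheme = match.group(1).lower().replace("tt", "xx")  # http -> hxxp
    rest = match.group(2)
    # Keep sentence punctuation that follows the URL out of the host part.
    stripped = rest.rstrip(".,;:!?)")
    trail = rest[len(stripped):]
    # Split the authority (host[:port]) from path/query/fragment.
    cut = re.search(r"[/?#]", stripped)
    end = cut.start() if cut else len(stripped)
    host, tail = stripped[:end], stripped[end:]
    # A redirect parameter can carry a second live URL; defang it as well.
    tail = defang_text(tail)
    return f"{scheme}://{host.replace('.', '[.]')}{tail}{trail}"


def defang_text(text):
    """Return text with every http(s) URL rewritten so it will not load."""
    return URL_RE.sub(_defang, text)


def build_alert(sender, recipient, detection_text):
    """Build a plain-text alert: no HTML part, so no <a href> is emitted."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Infection alert"
    msg.set_content(
        defang_text(detection_text)
        + "\n\nSee the infection reports tab in the portal for full details.\n"
    )
    return msg


if __name__ == "__main__":
    # Constructed sample detection text, not real alert output.
    sample = "Blocked exploit kit at http://malicious.com/landing?r=https://cdn.malicious.com/x."
    print(build_alert("alerts@portal.example", "admin@customer.example", sample))
```
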