How Do I Report a Possible Malware Issue in SL?

[Lana207ave]

Hello.... I was visiting the "Abyss Observatory" when I received the following notification from my Malware program. 



 

Is anyone famrilair with this issue? How do I report it for official review? 

Thanks? 

[Sassy Romano]

nothing to do.

slplugin.exe is a web/media player plugin that is connecting to an external web address which is outside of SL, same as if you visited it with your browser.

Either the media URL is falsely flagged or it could be genuine, either way, nothing to do with Linden Lab or a fault in SL.

[Lana207ave]

Thank you for your input. It is sort of hard to belive that there is no way to report this and/or warn the land ower and vistors of a possible issue. 

[Danisox]

hi there!   as somebody who deals with malware infections on the corperate levels.   This is an outbound connection, not an inbound one, so the source was you as indicated by the outbound from the SL plugin.  so  as mentioned where you was at, your connection was sending information to what ever ip or url is listed as media on that sim.

 

There is zero chance of infection in SL.   the way the clients are done, make infection even by the nastisest malware impossible. 

 

 

[Lana207ave]

Ah-ha... I get it. Thanks. I feel better about this now. 

[Sassy Romano]

it's not hard to believe that there's nobody to tell because it's entirely outside of SL.

 

I suspect it's a music steam or media on a prim, both of which could be accessed via a web browser. if you did that and got the same malware message, who would you report it to?

 

it is clearly already known to your security software.

 

Not everything that you view inside SL is necessarily part of SL though the distinction isn't necessarily clear if you're not interested in the technical aspects so I can understand your concern.

 

[Freya Mokusei]

While I hesitate to provide useful information here since this isn't a People issue and can't reliably be Generally Discussed...

93.158.134.83 is a Russian IP belonging to Yandex, a popular search/hosting provider in that country (kind of like Google, except with state sponsorship). Malware infections are possible and more probable than other, non-Russian providers (hooray), and there's likely to be an malware/adware-serving component of the site.

Port 60897 is unused by anything I can find. Perhaps just scanning, perhaps this is SL-related and internal, not anything to do with Yandex. It's not possible to tell and doesn't seem useful anyway.

Note that Malwarebytes doesn't only detect malicious content, but also obtrusive and annoying content. It's possible that the detected threat was intentional, a side-effect of you randomly careening around in SL with media enabled and the destination attempting to scoop information about your PC/connection. The Internet's not always as safe as that, I would encourage browsing with more caution in future (e.g. disabling auto-play).

You could report this issue to Yandex directly, but this isn't LL's problem, to agree with Sassy. The risk is one that you are taking, it is your responsibility to browse securely, as only your system is placed at risk. Malwarebytes is one way of countering this risk, but you're still exposed to quite a few tricks if you're using auto-play media in SL.

[Perrie Juran]

Adding a few links here just for reference.  Too many folks don't understand that not everything goes through the Second Life Servers, especially Media and Voice.

 

https://community.secondlife.com/t5/Technology-General/Shared-Media-Security-and-Privacy/ba-p/656867

http://wiki.secondlife.com/wiki/Linden_Lab_Official:Voice_Chat_Privacy

http://wiki.secondlife.com/wiki/Linden_Lab_Official:Technical_overview_of_Second_Life_security

[Lana207ave]

Thank you for all the feedback. I've learned a few important points. 

[Nyles Nestler]

While almost any service may be run on almost any port, I think it's more likely that  the MalwareByte's pop-up was refering to an outbound connection originating from local port 60897.