Since April 2011 the companies of one Mr. Recher from Germany harassed me three times. I reported about this a few times already (e.g. here). I suspect I am not alone.
Their scheme is to send automated, unverified abuse notifications to hosters. My hoster, Hetzner, forwards these then, along with a nice deadline attached to it. I am then to give a statement concerning the subject matter. Alas, Hetzner does not provide an option to mark this as a false positive. In general their form for making a statement concerning the abuse messages is pretty annoying.
The problem are of course the false positives, but more than that two other things:
- the various companies of Mr. Recher and – from our last email conversations he himself – lacking any kind of own expertise in the field of malware and relying entirely on reports of AV vendors
- the AV industry1 being unable to come up with a single standardized way of reporting false positives to all AV vendors at once
What Mr. Recher does not seem to comprehend is that his claims and abuse notices to my hoster are clearly damaging in my line of work. I.e. they’re libelous. It’s like (non-anonymously) sending rumors to newspapers and later disclaiming responsibility for spreading the rumor and pointing to Twitter or so.
This time three out of the files hosted on my domain were (falsely!) reported as malicious. The most stupid report of all was on this file – here’s the VirusTotal analysis:
The file is code-signed and timestamped. So are the MSI setup databases contained. There is literally nothing malicious on this file and it’s been untouched for nearly two years. I also cross-checked against my local archive of published files. And reporting it as “Downloader”2 is firmly in the realm of stoooooopid.
The company name and location has changed, but the names of the wannabe security expert and self-proclaimed sheriff of the WWW behind them remains. To repeat myself: I have nothing against people fighting malware and malicious websites. But relying on someone else’s claim without being able to back that up yourself is a pretty weak foundation for a company.
I have talked to a lawyer on the phone and he suggested that, when back in Germany, I should seek the advice from one of his colleagues specialized in IT-related topics. He assured me that a binding written warning (German: Abmahnung) will be in order to get rid of this.
// Oliver