Is this a malware problem or browser bug?

Discussion in 'malware problems & news' started by Ritho, Oct 25, 2012.

Thread Status:
Not open for further replies.
  1. Ritho

    Ritho Registered Member

    Hi guys,

    I was looking at a site for a guy that was complaining that his CSS was not working when the site was loading in https. I use Sandboxie, and when I checked the site in Google Chrome (with its sandbox disabled using the --no-sandbox parameter) for a brief moment the black windows run cmd.exe dialogue popped up. (This was on Windows XP SP3.) I tested it several times and the same thing happened each time.

    So I decided to use the browserling.com service to check out what is happening. This is where it got interesting. When testing the site in Internet Explorer 9 it does the same thing, but I end up being directed to the system32 folder on the virtual machine, which is not supposed to be able to happen. I closed the session and tried several times, and each time something else weird seemed to happen.

    I tested IE 8 running in sandboxie on my test machine and nothing happened.

    Anyway I can't find an infection on the client's machine. I am including the troublesome URL, but altering it to keep anyone from inadvertently clicking it.

    https://www.listenup(dot)com/

    P.S. I understand the use of Google Chrome without its sandbox feature enabled is a security risk, I do it for various testing reasons, which is why it was running in Sandboxie.
     
  2. Get

    Get Registered Member

    When I go there with Firefox it opens normally. When I use Chrome (no sandbox) I get a page which tells me not to proceed, because the certificate of the site isn't trusted (translation, text is in Dutch). It's not verified by a 3rd party, so it could be a hacker who is trying to make you believe it's the real site.
     
  3. Get

    Get Registered Member

  4. Ritho

    Ritho Registered Member

    Doing your homework I see. :) Well I am 99% certain that the two problems are not connected. In fact I don't know if what I mention above is actually a problem. I think the CSS problem is coming from WordPress itself and has nothing to do with the SSL. I believe there are actually two problems at work with the guy's CSS.

    Anyway the certificate that I am getting from the site is perfectly valid and has no Dutch or anything like that.
     
  5. Get

    Get Registered Member

    The Dutch isn't in the certificate. It's Chrome which is in Dutch and "tells" me not to proceed.
     
  6. Ritho

    Ritho Registered Member

    I see I read what you wrote wrong. The warning you are getting is likely because some of the CSS is not being delivered via https, so there are both secure and non-secure elements on the page. Some browsers balk at non-secure style sheets while others don't. I have no idea why you are getting a message that the certificate is not verified by a third party, because on my test machines it passes verification just fine from RapidSSL Geotrust.
     
  7. m00nbl00d

    m00nbl00d Registered Member

    I didn't visit the website, but what user Get mentions has nothing to do with insecure content. Whenever a website has both secure and insecure content, Google Chrome will simply block the insecure content, and then the user can choose to allow it (there should be an icon in the address bar... it has appeared in Chromium builds for quite some time now). The red warning about the certificate is a different matter - Google Chrome simply can't verify the certificate as being a valid one, and will alert the user to that.
     
  8. The Red Moon

    The Red Moon Registered Member

    Comodo Dragon does the same also and checks for SSL authentication.
     
  9. PJC

    PJC Very Frequent Poster

    Is it the first time that Firefox opens a webpage without a problem while Chrome cannot?
    Is it? o_O
     
  10. Get

    Get Registered Member

    @Mr.PC: I don't use Chrome. I only installed it because FF and Opera didn't handle eBay well when uploading a picture to a sale and Chrome did, so I can't tell whether it's frequent or not.
     