Is this a malware problem or browser bug?

Discussion in 'malware problems & news' started by Ritho, Oct 25, 2012.

Thread Status:
Not open for further replies.
  1. Ritho

    Ritho Registered Member

    Joined:
    Aug 6, 2011
    Posts:
    3
    Hi guys,

    I was looking at a site for a guy that was complaining that his CSS was not working when the site was loading in https. I use Sandboxie, and when I checked the site in Google Chrome (with its sandbox disabled using the --no-sandbox parameter) for a brief moment the black windows run cmd.exe dialogue popped up. (This was on Windows XP SP3.) I tested it several times and the same thing happened each time.

    So I decided to use the browserling.com service to check out what is happening. This is where it got interesting. When testing the site in Internet Explorer 9 it does the same thing, but I end up being directed to the system32 folder on the virtual machine, which is not supposed to be able to happen. I closed the session and tried several times, and each time something else weird seemed to happen.

    I tested IE 8 running in Sandboxie on my test machine and nothing happened.

    Anyway I can't find an infection on the client's machine. I am including the troublesome URL, but altering it to keep anyone from inadvertently clicking it.

    https://www.listenup(dot)com/

    P.S. I understand the use of Google Chrome without its sandbox feature enabled is a security risk, I do it for various testing reasons, which is why it was running in Sandboxie.
     
  2. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    When I go there with Firefox it opens normally. When I use Chrome (no sandbox) I get a page which tells me not to proceed, because the certificate of the site isn't trusted (translation, text is in Dutch). It's not verified by a 3rd party, so it could be a hacker who is trying to make you believe it's the real site.
     
  3. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
  4. Ritho

    Ritho Registered Member

    Joined:
    Aug 6, 2011
    Posts:
    3
    Doing your homework I see. :) Well I am 99% certain that the two problems are not connected. In fact I don't know if what I mention above is actually a problem. I think the CSS problem is coming from WordPress itself and has nothing to do with the SSL. I believe there are actually two problems at work with the guy's CSS.

    Anyway the certificate that I am getting from the site is perfectly valid and has no Dutch or anything like that.
     
  5. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    The Dutch isn't in the certificate. It's Chrome which is in Dutch and "tells" me not to proceed.
     
  6. Ritho

    Ritho Registered Member

    Joined:
    Aug 6, 2011
    Posts:
    3
    I see I read what you wrote wrong. The warning you are getting is likely because some of the CSS is not being delivered via https, so there are both secure and non-secure elements on the page. Some browsers balk at non-secure style sheets while others don't. I have no idea why you are getting a message that the certificate is not verified by a third party, because on my test machines it passes verification just fine from RapidSSL Geotrust.
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I didn't visit the website, but what user Get mentions has nothing to do with insecure content. Whenever a website has both secure and insecure content, Google Chrome will simply block the insecure content, and then the user can choose to allow it (there should be an icon in the address bar... it appears in Chromium builds for quite some time now). The red warning about the certificate is a different matter - Google Chrome simply can't verify the certificate as being a valid one, and will alert the user for that.
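
The mixed-content half of the distinction drawn above can be checked offline from a page's HTML; the certificate warning is raised during the TLS handshake, before any HTML is parsed, so it never shows up in a check like this. The sketch below is an added example, not code from any poster in the thread, and the host `shop.example.test`, the paths and the sample markup are constructed for illustration.

```python
# Added example: list http:// subresources referenced by an https page.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Insecure loads of these are "active" mixed content (browsers block them);
# stylesheets are handled separately below and are also active.
ACTIVE = {"script", "iframe", "object", "embed"}
# Insecure loads of these are "passive" (typically loaded with a warning).
PASSIVE = {"img", "audio", "video", "source"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link":
            # Only rel=stylesheet links are fetched as style; skip icons etc.
            if "stylesheet" not in (a.get("rel") or "").lower().split():
                return
            ref, kind = a.get("href"), "active"
        elif tag in ACTIVE:
            ref, kind = a.get("src") or a.get("data"), "active"
        elif tag in PASSIVE:
            ref, kind = a.get("src"), "passive"
        else:
            return
        if ref:
            # Resolve relative and protocol-relative references first.
            url = urljoin(self.page_url, ref)
            if urlparse(url).scheme == "http":
                self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only exists on an https page
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (not the site discussed in the thread).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://shop.example.test/wp-content/themes/t/style.css">
<link rel="stylesheet" href="/wp-content/plugins/p/ok.css">
<link rel="icon" href="http://shop.example.test/favicon.ico">
<script src="//cdn.example.test/app.js"></script>
</head><body><img src="http://shop.example.test/logo.png"></body></html>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content("https://shop.example.test/", SAMPLE):
        print(f"{kind:8} <{tag}> {url}")
```
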
     
  8. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,871
    Comodo Dragon does the same also and checks for SSL authentication. :thumb:
     
  9. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Is it the first time that Firefox opens a webpage without a problem while Chrome cannot?
    Is it? o_O
     
  10. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    @Mr.PC: I don't use Chrome. I only installed it because FF and Opera didn't handle eBay well when uploading a picture to a sale and Chrome did, so I can't tell whether it's frequent or not.
     