Strange application wants to run on Brosix Page

Discussion in 'malware problems & news' started by Cutting_Edgetech, Jun 16, 2013.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I get this strange application that wants to run when visiting Brosix instant messenger's website. It looks suspicious to me, but may be valid. I get a pop-up informing me that an application wants to run that does not have a valid security certificate. I looked in Process Monitor to see if there was another process running other than Firefox, and I saw no other process. I also checked with Process Hacker, and saw no other process running. It says an unsigned process from the location below is requesting permission to run. The file extension is .jnlp. Is this a valid application? I would have thought a company like Brosix would have had their certificates signed. Maybe they're just testing it right now. I did not allow it to run. You can see the web address in the screenshot. I'm not going to post the link on here in case it is a threat due to forum rules.
     


  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    Thanks Swex! It looks like Brosix may indeed have active threats on their page unless it's a false positive. NOD 32 is not detecting anything. I guess I should report it to them. I just did to Webroot using their Bright Cloud service. I first saw this last night. I wonder if Brosix is aware of this. Surely they are by now.
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    Well, I just looked on Eset's site, and I only see an option for reporting phishing sites. I don't see anything to report infected links. I believe this is something Eset should have integrated in NOD 32 itself by now. Is there not an option to report infected links within the application itself? Eset is only hurting themselves by not having a way to report infected links readily available. One definitely should be able to do this from within NOD 32 itself, and have an easy-to-find option to do this on their website. This will have to be my attempt to report the link.
     
    Last edited: Jun 16, 2013
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    The file extension in question is related to Java.
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I'm aware of that. AVG is reporting it as possibly active threats.
     
  7. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,936
    Location:
    U.S.A.
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I found a link to report it to Eset, but that link is not working for me. I click on submit, and nothing happens. It could be because my ISP really sucks! My internet goes out around 30 times a day. It's so slow right now that it's difficult to even surf the web. Web pages take forever to load, and when they do they are not loading the entire page. Here's the link I found for reporting potentially infected websites, but it's not working for me. http://kb.eset.com/esetkb/index?pag...le=en_US&searchid=1371416912990#SubmitWebsite
     
  9. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    Yeah, as I stated above it could be a false positive. I will just contact Brosix.
     
  10. Brosix

    Brosix Registered Member

    Joined:
    Jun 17, 2013
    Posts:
    2
    Location:
    Bulgaria
    Yes, we can confirm that it is a false positive.
    Only AVG is reporting us
    http://www.urlvoid.com/scan/brosix.com/ and we send them an unlist request. Thanks for the feedback.

    Everything on brosix.com is double checked and we can confirm that brosix site is clear and working properly as expected.
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    Maybe you could inform the community here then what the purpose of the Java application on your site is for?
     
  12. Brosix

    Brosix Registered Member

    Joined:
    Jun 17, 2013
    Posts:
    2
    Location:
    Bulgaria
    There are no Java applications on the Brosix.com website.

    That's the first and only time we have received a notification from a site visitor about that kind of issue.

    Right now everything is working fine on our side.
     