Google chrome thinks BLF hosts malware

When I tried to log in to BLF today with Google Chrome on windows, I got affronted with a Malware warning. When I clicked "proceed anyways", it told me that your /tiny_mce/plugins/emotions/img/smiley-cool.gif and tiny_mce/plugins/emotions/img/smiley-smile.gif are infected.

This didn't happen yesterday, with the same browser on the same machine. I hope it's false, but should be double-checked to be sure. I'll put the full text below:


Warning: Something's Not Right Here!
The website at budgetlightforum.com contains elements from sites which appear to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
Below is a list of all the unsafe elements for the page. Click on the Diagnostic link for more information on the thread for a specific element.
Malware http://budgetlightforum.com/sites/all/libraries/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-smile.gif Safe Browsing diagnostic page
Malware http://budgetlightforum.com/sites/all/libraries/tinymce/jscripts/tiny_mce/plugins/emotions/img/smiley-cool.gif Safe Browsing diagnostic page
Learn more about how to protect yourself from harmful software online.
I understand that visiting this site may harm my computer.


Safe Browsing
Diagnostic page for cz.cc
What is the current listing status for cz.cc?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 2946 time(s ) over the past 90 days.
What happened when Google visited this site?
Of the 120331 pages we tested on the site over the past 90 days, 513 page(s ) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-06-17, and the last time suspicious content was found on this site was on 2011-06-17.
Malicious software includes 43747 scripting exploit(s ), 38142 trojan(s ), 27876 exploit(s ). Successful infection resulted in an average of 3 new process(es ) on the target machine.
Malicious software is hosted on 206 domain(s ), including google.com/, imgddd.net/,allprotectsolitionssi.co.cc/.
54 domain(s ) appear to be functioning as intermediaries for distributing malware to visitors of this site, including usa-domain.in/, 777blogz.com/, zadorno.in/.
This site was hosted on 867 network(s ) including AS25847 (SERVINT), AS21788 (NOC),AS28753 (NETDIRECT).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, cz.cc appeared to function as an intermediary for the infection of 14051 site(s ) including uniform-net.jp/, nuxi-navi.com/, flashracingonline.com/.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 47581 domain(s ), including razym.ru/, picnichamperbaskets.com/, cougasoft.com/.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
• Return to the previous page.
• If you are the owner of this web site, you can request a review of your site using GoogleWebmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Updated 4 hours ago
©2008 Google - Google Home

I don't know about the smileys (I downloaded the first one, and sure enough, it's a perfectly valid gif image), but the second part looks like google thinks cz.cc is an individual site, not a domain place. It could be it's thinking any and all links to *.cz.cc domains are bad, without checking the content on individual ones.

--Bushytails

And I sort-of assumed that was the case, however, it the domain host gets infected, it can spread malware to hosted sites. Also, it's possible to poison a .gif and still be able to view it as normal. Better to err on the side of caution, right? I fired up my linux VM to spelunk the forum today.

I noticed the same thing (hello 1st post, btw) and just changed my bookmark to ".com" and have no problems.
So I think it's the cz.cc domain issue, too.

That warning freaked me out, though.

+1

@zx3junglist: Is a problem of cz.cc domain. Change your bookmark like tpilk do and you're done

Welcome tpilk

Good to have you here.

Enjoy your time here - I do.

Aloha and welcome to BLF tpilk!

Thanks for the warm welcome, everybody! Glad to be here.
I've been lurking for a few months now and figured it was time to man up and register.

incredible shrinking text, sorry about that.

Nae wurries min! Sharn hippens.

Divnae wurry aroun' it.

Or, in English, Don't worry about it. All of us have out own dialects/languages. And we all make mistakes sometimes.

Welcome tpilk! You just missed signing up for a fun give-away by a couple days! No worries though...I'm sure there will be another.

Welcome tpilk

Hi there tpilk, welcome to BLF! Thanks for joining.

Hmm, about this .cz.cc malware issue, we do have a bit of a problem. As somebody already mentioned, all of these content filters and malware checkers only look at the primary domain (.cz.cc). If any of the subdomains (nastysite.cz.cc) hosts malware, than any other subdomains like budgetlightforum.cz.cc will also be flagged. I currently have a redirect set up between *budgetlightforum.cz.cc/* to budgetlightforum.com. I wonder if I should remove that redirect to entirely avoid being associated with .cz.cc. The disadvantage is that any old links on search engines and other websites will be broken, unless the user knows to manually change the .cz.cc to .com. What do you guys think?

Thanks a lot for reporting this issue, I appreciate your help!

Hi there tpilk, welcome to BLF! Thanks for joining.

Hmm, about this .cz.cc malware issue, we do have a bit of a problem. As somebody already mentioned, all of these content filters and malware checkers only look at the primary domain (.cz.cc). If any of the subdomains (nastysite.cz.cc) hosts malware, than any other subdomains like budgetlightforum.cz.cc will also be flagged. I currently have a redirect set up between *budgetlightforum.cz.cc/* to budgetlightforum.com. I wonder if I should remove that redirect to entirely avoid being associated with .cz.cc. The disadvantage is that any old links on search engines and other websites will be broken, unless the user knows to manually change the .cz.cc to .com. What do you guys think?

Thanks a lot for reporting this issue, I appreciate your help!

The redirect shouldn't matter - the malware checkers won't be looking at the old domain unless it's referenced on the site somewhere still.

--Bushytails

i just want to know what is the original intention when the mod choose the domain budgetlightforum end with cz.cc.

Save money. :)

But seriously, I didn't expect BLF to take off, so I didn't want to invest in a .com domain.