Google chrome thinks BLF hosts malware

17 posts / 0 new
Last post
zx3junglist
Offline
Last seen: 8 years 3 weeks ago
Joined: 05/03/2011 - 19:15
Posts: 40
Location: Massachusetts, USA
Google chrome thinks BLF hosts malware

When I tried to log in to BLF today with Google Chrome on windows, I got affronted with a Malware warning. When I clicked "proceed anyways", it told me that your /tiny_mce/plugins/emotions/img/smiley-cool.gif and tiny_mce/plugins/emotions/img/smiley-smile.gif are infected.

 This didn't happen yesterday, with the same browser on the same machine. I hope it's false, but should be double-checked to be sure. I'll put the full text below:

 


 Warning: Something's Not Right Here!
The website at budgetlightforum.com contains elements from sites which appear to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
Below is a list of all the unsafe elements for the page. Click on the Diagnostic link for more information on the thread for a specific element.
Malware    http://budgetlightforum.com/sites/all/libraries/tinymce/jscripts/tiny_mc...  Safe Browsing diagnostic page
Malware    http://budgetlightforum.com/sites/all/libraries/tinymce/jscripts/tiny_mc...  Safe Browsing diagnostic page
Learn more about how to protect yourself from harmful software online.
  I understand that visiting this site may harm my computer.


 

Safe Browsing
Diagnostic page for cz.cc
What is the current listing status for cz.cc?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 2946 time(s ) over the past 90 days.
What happened when Google visited this site?
Of the 120331 pages we tested on the site over the past 90 days, 513 page(s ) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-06-17, and the last time suspicious content was found on this site was on 2011-06-17.
Malicious software includes 43747 scripting exploit(s ), 38142 trojan(s ), 27876 exploit(s ). Successful infection resulted in an average of 3 new process(es ) on the target machine.
Malicious software is hosted on 206 domain(s ), including google.com/, imgddd.net/,allprotectsolitionssi.co.cc/.
54 domain(s ) appear to be functioning as intermediaries for distributing malware to visitors of this site, including usa-domain.in/, 777blogz.com/, zadorno.in/.
This site was hosted on 867 network(s ) including AS25847 (SERVINT), AS21788 (NOC),AS28753 (NETDIRECT).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, cz.cc appeared to function as an intermediary for the infection of 14051 site(s ) including uniform-net.jp/, nuxi-navi.com/, flashracingonline.com/.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 47581 domain(s ), including razym.ru/, picnichamperbaskets.com/, cougasoft.com/.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
•    Return to the previous page.
•    If you are the owner of this web site, you can request a review of your site using GoogleWebmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Updated 4 hours ago
©2008 Google - Google Home

Edited by: sb56637 on 02/14/2012 - 08:19 Reason: sb56637 replaced budgetlightforum.cz.cc with budgetlightforum.com via Scanner Search and Replace module.
bushytails
Offline
Last seen: 7 years 6 months ago
Joined: 06/11/2011 - 21:53
Posts: 167

I don't know about the smileys (I downloaded the first one, and sure enough, it's a perfectly valid gif image), but the second part looks like google thinks cz.cc is an individual site, not a domain place.  It could be it's thinking any and all links to *.cz.cc domains are bad, without checking the content on individual ones.

--Bushytails

zx3junglist
Offline
Last seen: 8 years 3 weeks ago
Joined: 05/03/2011 - 19:15
Posts: 40
Location: Massachusetts, USA

And I sort-of assumed that was the case, however, it the domain host gets infected, it can spread malware to hosted sites. Also, it's possible to poison a .gif and still be able to view it as normal. Better to err on the side of caution, right? I fired up my linux VM to spelunk the forum today.

tpilk
Offline
Last seen: 8 years 12 months ago
Joined: 06/17/2011 - 14:45
Posts: 12
Location: Sunny, bankrupt California

I noticed the same thing (hello 1st post, btw) and just changed my bookmark to ".com" and have no problems.
So I think it's the cz.cc domain issue, too.

That warning freaked me out, though.

Davx
Davx's picture
Offline
Last seen: 4 years 9 months ago
Joined: 03/17/2011 - 20:29
Posts: 910
Location: Italy

tpilk wrote:

I noticed the same thing (hello 1st post, btw) and just changed my bookmark to ".com" and have no problems.
So I think it's the cz.cc domain issue, too.

+1

@zx3junglist: Is a problem of cz.cc domain. Change your bookmark like tpilk do and you're done

"There are always new jobs, women, and apartments......there is only ONE BLF." - Chicago X (27/03/2012)

Don
Don's picture
Offline
Last seen: 1 month 6 days ago
Joined: 01/12/2010 - 16:32
Posts: 6617
Location: Scotland

tpilk wrote:

I noticed the same thing (hello 1st post, btw) and just changed my bookmark to ".com" and have no problems.
So I think it's the cz.cc domain issue, too.

That warning freaked me out, though.

 

Welcome tpilk

 

Good to have you here.

 

Enjoy your time here - I do.

 

The numbers from my light tests are always to be found here.

https://spreadsheets.google.com/ccc?key=0ApkFM37n_QnRdDU5MDNzOURjYllmZHI...

fishinfool
fishinfool's picture
Offline
Last seen: 1 year 4 months ago
Joined: 03/09/2010 - 00:30
Posts: 4342
Location: Hilo, Hawaii

Aloha and welcome to BLF tpilk!

 

Don wrote:

"But as I said long ago, you are more likely to be killed by a dead fish dropped by a seagull in the Sahara Desert than by a lithium ion

tpilk
Offline
Last seen: 8 years 12 months ago
Joined: 06/17/2011 - 14:45
Posts: 12
Location: Sunny, bankrupt California

Thanks for the warm welcome, everybody! Glad to be here.
I've been lurking for a few months now and figured it was time to man up and register.  

tpilk
Offline
Last seen: 8 years 12 months ago
Joined: 06/17/2011 - 14:45
Posts: 12
Location: Sunny, bankrupt California

incredible shrinking text, sorry about that.

Don
Don's picture
Offline
Last seen: 1 month 6 days ago
Joined: 01/12/2010 - 16:32
Posts: 6617
Location: Scotland

tpilk wrote:

incredible shrinking text, sorry about that.

 

Nae wurries min! Sharn hippens.

Divnae wurry aroun' it.

 

Or, in English, Don't worry about it. All of us have out own dialects/languages. And we all make mistakes sometimes.

 

The numbers from my light tests are always to be found here.

https://spreadsheets.google.com/ccc?key=0ApkFM37n_QnRdDU5MDNzOURjYllmZHI...

Match
Match's picture
Offline
Last seen: 4 years 7 months ago
Joined: 11/14/2010 - 11:57
Posts: 1488
Location: South Carolina, USA

Welcome tpilk!  You just missed signing up for a fun give-away by a couple days!  No worries though...I'm sure there will be another. Wink

Langcjl
Langcjl's picture
Offline
Last seen: 2 years 7 months ago
Joined: 03/05/2011 - 05:36
Posts: 2162
Location: Wisconsin USA
Welcome tpilk

Piers said " ....but who wants enough light, when you have the option for far too much "

sb56637
sb56637's picture
Offline
Last seen: 8 hours 35 min ago
Joined: 01/08/2010 - 09:29
Posts: 6890
Location: The Light

Hi there tpilk, welcome to BLF! Thanks for joining.

 

Hmm, about this .cz.cc malware issue, we do have a bit of a problem. As somebody already mentioned, all of these content filters and malware checkers only look at the primary domain (.cz.cc). If any of the subdomains (nastysite.cz.cc) hosts malware, than any other subdomains like budgetlightforum.cz.cc will also be flagged. I currently have a redirect set up between *budgetlightforum.cz.cc/* to budgetlightforum.com. I wonder if I should remove that redirect to entirely avoid being associated with .cz.cc. The disadvantage is that any old links on search engines and other websites will be broken, unless the user knows to manually change the .cz.cc to .com. What do you guys think?

Thanks a lot for reporting this issue, I appreciate your help!

Budget Light Forum ...where Frugal meets with Flashlight!

sb56637
sb56637's picture
Offline
Last seen: 8 hours 35 min ago
Joined: 01/08/2010 - 09:29
Posts: 6890
Location: The Light

Hi there tpilk, welcome to BLF! Thanks for joining.

 

Hmm, about this .cz.cc malware issue, we do have a bit of a problem. As somebody already mentioned, all of these content filters and malware checkers only look at the primary domain (.cz.cc). If any of the subdomains (nastysite.cz.cc) hosts malware, than any other subdomains like budgetlightforum.cz.cc will also be flagged. I currently have a redirect set up between *budgetlightforum.cz.cc/* to budgetlightforum.com. I wonder if I should remove that redirect to entirely avoid being associated with .cz.cc. The disadvantage is that any old links on search engines and other websites will be broken, unless the user knows to manually change the .cz.cc to .com. What do you guys think?

Thanks a lot for reporting this issue, I appreciate your help!

Budget Light Forum ...where Frugal meets with Flashlight!

bushytails
Offline
Last seen: 7 years 6 months ago
Joined: 06/11/2011 - 21:53
Posts: 167

The redirect shouldn't matter - the malware checkers won't be looking at the old domain unless it's referenced on the site somewhere still.

--Bushytails

Huge
Huge's picture
Offline
Last seen: 8 years 10 months ago
Joined: 02/12/2011 - 01:14
Posts: 115

i just want to know what is the original intention when the mod choose the domain budgetlightforum end with cz.cc.

Flashlight may bring me a sunshine~

sb56637
sb56637's picture
Offline
Last seen: 8 hours 35 min ago
Joined: 01/08/2010 - 09:29
Posts: 6890
Location: The Light

Huge wrote:

i just want to know what is the original intention when the mod choose the domain budgetlightforum end with cz.cc.

Save money. Smile

But seriously, I didn't expect BLF to take off, so I didn't want to invest in a .com domain.

Budget Light Forum ...where Frugal meets with Flashlight!