PDA

View Full Version : Weird Certificates problems, security alerts



Voivod
2007-02-06, 12:43
Not sure if this is the right forum for this... sorry.

Running Windows 98 and IE 6.
Logging into certain sites IE is giving me a security warning about a certificate who's name doesn't match the site. The issuer is Thawte.com who appear to be a legitimate certificate site but the issued to site varies from lb1.sj1 to lb3.sj1. I've searched these forums and only found a reference in someone else's logs to thawte. Searching the net for lb1.sj1 and lb3.sj1 I only found one reference over at the eBay forums here:
http://forums.ebay.com/db2/thread.jspa?threadID=2000309968&tstart=0&mod=1170571195191
I've found a few references searching Google with "thawt certificate problems" but being paranoid a lot of the sites I don't know and worry about visiting.
Anyone know what's going on?

truebus
2007-02-09, 23:55
This issue is happening with several sites. ebay, paypal, etc. THere are some good posts on some ebay forums about this -

http://forums.ebay.com/db2/thread.jspa?threadID=2000309968&start=40
http://forums.ebay.com/db2/thread.jspa?threadID=2000308695&start=40
http://forums.ebay.com/db2/thread.jspa?threadID=2000309535&tstart=0&mod=1170709033871

seems like all these sites use the Omniture tracking program. Can you post some screenshots of your popup, view the certificate and check if the subject says Omniture

Moved topic from the malware forum where only authorized volunteers are to offer advice:
"BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

sam86
2007-02-14, 21:19
Running Win98SE, IE 6.0

On several https login sites ranging from a utility/teleco provider to a credit card company to a commercial retail site, am getting this warning:

"The name on the security certificate is invalid or does not match the name of the site"

When I click on view certificate, I find it is issued to: lb3.sj1 or sometimes lb1.sj1, by Thawte Premium Server CA. The subject line lists Omniture, Inc.

BTW, my banking site does not have this problem, but at this point, I am not doing any on-line transactions with any financial or retail outfits. Am using another household computer for those tasks. The other computer runs WinXP and also IE6.0, but does not have those issues with certificate problems at those sites. Certificates at these sites look like they are supposed to.

Ran SpyBot and cleaned up the following three items:
ABetterInternet, NumbSoft, and Stration.C. After cleaning, still have the security certificate issue. Also deleted all cookies and also deleted index.dat file to start from scratch. Ran AVG antivirus - nothing.

Is this some sort of Win98/IE6 vulnerability? It seems fishy.

tashi
2007-02-14, 21:49
Hello.

Anyone running Win98 and accessing the WWW, is likely to have an infected system as Win98 is no longer supported by Microsoft, and thus cannot be updated or patched.

UPDATED WINDOWS - Your first line of defence, links and tips (http://forums.spybot.info/showthread.php?t=425)

End of support for Windows 98 and Windows Me (http://forums.spybot.info/showpost.php?p=28501&postcount=3)

Topic of interest:
http://forums.spybot.info/showpost.php?p=25958&postcount=3

If you would like someone to take a look at logs and assist you in the removal of any malware that might be present on the System, please follow the procedure in this link:
"BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

A helper will advise you as soon as available.

Cheers.

tashi
2007-02-15, 23:03
Voivod's topic to remove an infection is here: http://forums.spybot.info/showthread.php?t=11382 :)