Thread 'MooWrapper Trojan'

Ardis

Joined: 24 Oct 08
Posts: 19
United States
Message 111029 - Posted: 9 Feb 2023, 15:55:29 UTC

Malwarebytes blocked the MooWrapper domain today, and provided the following message:

Secure Connection Failed

An error occurred during a connection to moowrap.net. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.


Overlong records is a classic malfeasance technique, so the block is justified, but how does one contact the website owners if it's blocked?
Dave
Help desk expert

Joined: 28 Jun 10
Posts: 2704
United Kingdom
Message 111031 - Posted: 9 Feb 2023, 16:16:47 UTC - in response to Message 111029.  

> Malwarebytes blocked the MooWrapper domain today, and provided the following message:
>
> Secure Connection Failed
>
> An error occurred during a connection to moowrap.net. SSL received a record that exceeded the maximum permissible length.
>
> Error code: SSL_ERROR_RX_RECORD_TOO_LONG
>
> The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
> Please contact the website owners to inform them of this problem.
>
> Overlong records is a classic malfeasance technique, so the block is justified, but how does one contact the website owners if it's blocked?

Perhaps use a Linux machine or one without Malwarebytes installed. You could use a Linux live distro from a USB stick. None of the browsers on my Linux box seem to object to it.
Ardis

Joined: 24 Oct 08
Posts: 19
United States
Message 111041 - Posted: 13 Feb 2023, 15:58:02 UTC - in response to Message 111031.  

> Perhaps use a Linux machine or one without Malwarebytes installed. You could use a Linux live distro from a USB stick. None of the browsers on my Linux box seem to object to it.


Thanks for your comment. I'm a former Unix user, but I have little experience with Linux distros. None of the browsers on my Win11 box object either. Malwarebytes is an antivirus, not a browser, and avoiding the problem doesn't solve it.

Perhaps I wasn't clear. The question is: why does moowrap.net return a too-long record (a suspicious condition), and does the website contain a Trojan? It's still being flagged today.
Jord
Volunteer tester
Help desk expert
Joined: 29 Aug 05
Posts: 15565
Netherlands
Message 111042 - Posted: 13 Feb 2023, 17:01:01 UTC

https://www.virustotal.com/gui/url/c341138a6b46be424003249a95f28c4835e09106bd88e0b3d48a69ca7b75785b shows no problems with that website, so it's your Malwarebytes that is the culprit. Probably a false positive.
Jord
Volunteer tester
Help desk expert
Joined: 29 Aug 05
Posts: 15565
Netherlands
Message 111043 - Posted: 13 Feb 2023, 17:07:39 UTC

Dr Who Fan
Joined: 10 May 07
Posts: 1444
United States
Message 111044 - Posted: 13 Feb 2023, 17:59:47 UTC - in response to Message 111041.  
Last modified: 13 Feb 2023, 18:57:20 UTC

REPORT IT AS A *FALSE POSITIVE* to Malwarebytes.
Like Jord said, all current reports are showing no problems.

Maybe your version of Malwarebytes is out of date?

I had a new update automatically install over the weekend.

Now website is back up

Edit to add:
>> Report a false positive to Malwarebytes Support
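Added example, not part of the thread or of any poster's message: a TLS client reads the first five bytes of whatever the peer sends as a record header, so a reply that is not TLS at all (for instance plaintext HTTP arriving on the TLS port) can decode to a length above the protocol limit, which is one ordinary way the SSL_ERROR_RX_RECORD_TOO_LONG message quoted above arises. The function name and all sample byte strings are constructed for illustration.

```python
import struct

# Largest record body a TLS 1.2 peer may send (RFC 5246, section 6.2.3).
# TLS 1.3 is stricter (2**14 + 256), so this is the permissive bound.
MAX_RECORD_LEN = 2**14 + 2048  # 18432
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def classify_first_bytes(data: bytes) -> dict:
    """Decode the first five bytes of a reply the way a TLS record parser would."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    # Header layout: content type (1), version major/minor (2), length (2, big-endian).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {
        "content_type": CONTENT_TYPES.get(ctype, f"unknown(0x{ctype:02x})"),
        "version": (major, minor),
        "length": length,
        # The condition the browser error message describes.
        "too_long": length > MAX_RECORD_LEN,
        # A real record has a known content type and major version 3.
        "looks_like_tls": ctype in CONTENT_TYPES and major == 3,
        # All-printable header bytes suggest a text protocol, not TLS.
        "printable_ascii": all(0x20 <= b < 0x7F for b in data[:5]),
    }


if __name__ == "__main__":
    # Constructed samples: none of these were captured from the site in the thread.
    samples = {
        "TLS handshake record": bytes.fromhex("160303007a"),
        "plaintext HTTP reply": b"HTTP/1.1 400 Bad Request\r\n",
        "HTML page": b"<html><body>blocked</body></html>",
        "SSH banner": b"SSH-2.0-OpenSSH_9.0\r\n",
    }
    for name, raw in samples.items():
        print(f"{name:22} {classify_first_bytes(raw)}")
```

The bytes `HTTP/` decode to a length of 0x502F (20527), above the limit, while an SSH banner decodes to a length within the limit and fails on content type instead, so the error alone does not say what the peer actually sent.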


Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.