Today (Aug 5) my Firefox browser for Mac suddenly started getting antivirus alerts and a website URL was listed: ocsp.comodoca.com
So I did a Firefox 'refresh,' reducing my browser back to base settings and getting rid of all extensions. The warnings ended. At first. Until I went to restore my browser-protection add-ons like BetterPrivacy, then NoScript and AdBlock plus. As soon as I installed either NoScript or AdBlock plus, the same virus warnings appeared again in their bold red. So I disabled them. When I went to the Firefox forums for these add-ons to post a warning about this, more virus warnings appeared as soon as I went there. Nuts, right? I can't even post a warning there without getting attacked by the same virus (see name of malsite above).
So I did some Google research on this website and this is what I found on one site:
ocsp.comodoca.com blacklisted (by comodo itself)
by Carol~ Forum moderator / July 3, 2012 4:01 AM PDT
In reply to: NEWS - July 03, 2012
From SANS ISC:
Update: Looks like Comodo fixed its classification of the site in an updated report [2]. The site still shows one suspicious scan, but the overall status is "safe". McAfee classifies the site as "minimal risk" but the history still shows a red high risk for web reputation as of today/yesterday. [3]
---
A couple of readers have noticed that "ocsp.comodoca.com" has been labeled as "suspicious" and distributing malware for the last couple of days. In particular, Comodo's own site inspector service has been identifying the URL as suspect. [1]
OCSP is a newer web service that allows clients to verify if an SSL certificate has been revoked. The older standard, CRL (Certificate Revocation List) required that browsers download the entire list. With OCSP, it is possible to query the status of an individual certificate. The certificate has to have the URL for the respective CRL or OCSP service embedded.
Many browsers will accept a certificate, even if the OCSP service does not respond. They will only mark it as invalid, if the OCSP service responds with a result marking the certificate as revoked. However, for Extended Validation (EV) certificates, browsers tend to be more specific and require a positive OCSP response.
Continued : https://isc.sans.edu/diary.html?storyid=13606
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This all sounded rather bland, then I went to a different site which looked far more suspicious but is not so bland about its subject. It reads:
How to Delete ocsp.comodoca.com from Firefox by YAC PC Cleaner?(Removal Guide)
Can’t get rid of ocsp.comodoca.com virus that pops up on your computer? All the browsers ( Internet Explorer, Firefox, Google Chrome) have been hijacked, it effects from Windows 7, Windows Vista, Windows XP to Windows 8. How do i delete the redirect virus from the infected computer?
ocsp.comodoca.com INTRODUCTION:
ocsp.comodoca.com is categorized as a browser hijacker which is used by hackers to allure you to download some useless applications. ocsp.comodoca.com may enter on the system through spam email attachments, downloading freeware from internet, through infected drives and etc. ocsp.comodoca.com will act like an adware infection which take up a big part of system resources and seriously slow down computer running.
ocsp.comodoca.com can records your internet activity data, steals your privacy and compromises your security. ocsp.comodoca.com can violate your privacy as well as steal your confidential data. It ocsp.comodoca.com can cause serious damage by deleting important files and destroying information on your system. Remove ocsp.comodoca.com before it harms your machine.
Download YAC
INFECTED SYMPTOMS:
Compromise your system and may introduce additional infections like rogue software
ocsp.comodoca.com forcibly customizes the default homepage, search engine and bookmarks of your computer.
You need to take a long time to open a webpage than before.
ocsp.comodoca.com is a parasitic browser hijacker
Enters your computer without your consent and disguises itself in root of the system once installed
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Since I don't trust this second website (called YAC) and they can't even write an ad with decent grammar (a Chinese site???), there's no way I'm downloading anything from them. However, my problem remains. How can I restore my Firefox with all those cool security addons (AdBlock, NoScript) without my addons/browser being hijacked by this comodoca thing? Are these YAC guys even telling the truth?
Should I turn off the certificate OCSP responder toggle inside Firefox or something, too?
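
The SANS passage quoted above notes that a certificate carries the URL of its OCSP service embedded in it. As an added example (not part of the original post or of any site it quotes), this Python sketch parses an AuthorityInfoAccess extension value and extracts the OCSP responder URL a browser would contact; the sample bytes, including the `crt.example.test` URL, are constructed for illustration.

```python
# Added example: standard library only, all sample data constructed.
OID_AD_OCSP = bytes.fromhex("2b06010505073001")        # 1.3.6.1.5.5.7.48.1
OID_AD_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # 1.3.6.1.5.5.7.48.2

def der(tag, value):
    """Encode one DER element (short or long form length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def ocsp_urls(aia_der):
    """Extract OCSP responder URLs from an AuthorityInfoAccess value."""
    tag, body, _ = read_tlv(aia_der, 0)
    if tag != 0x30:
        raise ValueError("AuthorityInfoAccess must be a SEQUENCE")
    urls, pos = [], 0
    while pos < len(body):
        _, desc, pos = read_tlv(body, pos)        # one AccessDescription
        t1, method, p = read_tlv(desc, 0)         # accessMethod (OID)
        t2, location, _ = read_tlv(desc, p)       # accessLocation (GeneralName)
        if t1 == 0x06 and method == OID_AD_OCSP and t2 == 0x86:  # [6] URI
            urls.append(location.decode("ascii"))
    return urls

# Constructed extension value: one caIssuers entry and one OCSP entry.
SAMPLE_AIA = der(0x30,
    der(0x30, der(0x06, OID_AD_CA_ISSUERS) + der(0x86, b"http://crt.example.test/ca.crt"))
    + der(0x30, der(0x06, OID_AD_OCSP) + der(0x86, b"http://ocsp.comodoca.com")))

if __name__ == "__main__":
    print(ocsp_urls(SAMPLE_AIA))
```

Only the entry whose access method is the OCSP OID is returned, so the caIssuers URL in the same extension is ignored.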