Bil Browning

Malware warnings

Filed By Bil Browning | March 22, 2010 9:00 PM | comments

Filed in: Site News
Tags: bad advertising

UPDATE 3/22 9:00pm: We've finally gotten the all-clear from Google. You should stop seeing warnings soon. It may take up to 24 hours for the changes to filter through web and out to individual browsers.

UPDATE 3/22 Noon: Google is recrawling the site now. Hopefully this will be fixed by later this afternoon. Cross your fingers, folks. This has really been annoying since we never had any damn malware to start with - another site did it and we got the punishment. Argh!

UPDATE 3/22 12:30am: This is f--king annoying. We're waiting on Google to allow us to request that they recrawl the site and realize we're not hosting viruses and whatnot. No kidding. It doesn't look like they're going to allow us to request the re-determination until Monday morning. The other services all say we're clean, so we're just waiting on Google to recrawl the site now.

UPDATE 3/21 11:30am: The problem continues. We've found what appears to be the problem. Our ad server for our self-sold ads was used a couple of weeks ago to serve up malware on another site. Since we use the same software, Google has blocked TBP and reported it as "suspicious." (Not "known.") We've removed the software and are waiting on Google to re-evaluate the site again. No idea when they'll actually do it though. :(


Several of you have been reporting a Malware warning appearing when you try to visit certain pages. We're working on it and it should be cleared up soon. My apologies to everyone.

It was coming from one of our ads. I've notified our ad providers and asked Google to remove us from the notifications. It's now just a waiting game.

I'm not getting the warnings now, but it also depends on which page and which ads get served up. It doesn't seem to happen on the front page of the site or in certain browsers, for example.

If you get the warning, leave a comment and let us know what page you were trying to visit. We want to make sure Google doesn't keep any pages flagged over an ad that popped up once.


Recent Entries Filed under Site News:

Leave a comment

We want to know your opinion on this issue! While arguing about an opinion or idea is encouraged, personal attacks will not be tolerated. Please be respectful of others.

The editorial team will delete a comment that is off-topic, abusive, exceptionally incoherent, includes a slur or is soliciting and/or advertising. Repeated violations of the policy will result in revocation of your user account. Please keep in mind that this is our online home; ill-mannered house guests will be shown the door.


http://www.bilerico.com/2010/03/malware_warnings.php#comments
Had to use IE to get to this page.

Anything with root www.bilerico.com/2010 gets blocked.

What is the current listing status for www.bilerico.com/2010?

Site is listed as suspicious - visiting this website may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 481 pages that we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time that Google visited this site was on 2010-03-20, and the last time that suspicious content was found on this site was on 2010-03-20.

Malicious software includes 4 trojan(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 2 domain(s), including waycity.net/, appledrink.net/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including ads.is/.

This site was hosted on 2 network(s) including AS30691 (LLDC), AS20193 (SINEWAVE).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, www.bilerico.com/2010 did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Just got blocked twice from the front page (FX wouldn't open it, and I usually use google Chrome).

Blocked from the frontpage and the preview in the backend. I'm on Chrome too.

Got blocked on the home page AND on the attempt to comment here. Mac Leopard/Safari.

the_czarina the_czarina | March 21, 2010 8:17 AM

just NOW, reading this with a sense of relief (oh well) that i wasn't crazy and that you were working on it my microsoft essentials anti-virus software popped up with a warning.

this page, right now.
windows xp/IE. yesterday it happened 3 or 4 times; same puter/using firefox.

The main page showed up fine on Firefox, but when I clicked on the Comment link, I got a malware page. Then I clicked "Ignore This Warning" on the bottom right, and it took me to StopBadware.org "Request A Review" (http://bit.ly/cb6CU0).

I remember reading about some anti-gay orgs improperly reporting websites as malware to Google a while bad. Could that be part of it?

I've been having the same issue as Jillian with Firefox, but Google Chrome seems to work fine. For me it started late last night. I was able to get off the warning page and into the site by clicking "Ignore This Warning" but today that doesn't work. I had to switch to Chrome to get to anything deeper than the main page.

Now I just got a warning with Chrome as well. It worked fine the first time, but not now.

Tom Graham | March 21, 2010 9:42 AM

Yust came in with Chrome to home page. Got multiple warnings of malware.

Clicking through to this article from the RSS feed which I get via Google Reader. Win 7/Firefox.

I used Chrome to read the rest of Alex's article with no problem, but then when I came to Bil's post to make a comment, the comment link gave me a malware warning on Chrome. But at least with Chrome, I was able to click "Proceed Anway" and get here. Firefox just blocked me entirely.

H. T. Kelly, Jr. | March 21, 2010 11:46 AM

I got a malware (i.e. trojan) warning on your "On Selling Paranoia, Or, Conservative Emails, Examined" page.

Using Safari I'm getting a warning on this page, and the opening Bilerico Project page. I've been getting them since yesterday.

Juston Thouron Juston Thouron | March 21, 2010 1:36 PM

I'm using Firefox and I am getting this message from Google on every page except your homepage:

"What happened when Google visited this site?

Of the 481 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-03-21, and the last time suspicious content was found on this site was on 2010-03-21.

Malicious software includes 11 trojan(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 2 domain(s), including appledrink.net/, waycity.net/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including ads.is/.

This site was hosted on 2 network(s) including AS30691 (LLDC), AS20193 (SINEWAVE).

Tried to come into http://feedproxy.google.com/~r/BilericoProject/~3/ThOfP2SMYTk/the_tea_baggers_havent_changed_we_have.php through my RSS reader and got the same page as Juston. Same thing happened for this page. I run firefox on an linux box.

I'm also getting it whenever I look at Rebecca Juro's post on Susan Stanton.

A. J. Lopp | March 21, 2010 2:48 PM

Using Firefox, I get "Attack Site!" warning screen when clicking to any "Read" or "Comments" link on front page, although front page itself displays OK. (Firefox 3.5.8 on WinXP)

Amazingly, Internet Explorer 8 works OK (which I am using now).

I get blocked at every URL I go to, even the sign in page and refreshing.
I'm on a mac running safari.

Hey, it worked this time, both on the home page and this comment thread. No warning.

Jake in Phoenix | March 21, 2010 5:59 PM

Didn't get blocked but as soon as I accessed TBP home page I got a warning about "this site is dangerous". I could navigate away from it and back into it. Seemed to be random warnings, as I have opened and closed Bilerico off and on several times today.

It is currently 6:26PM EDT March 21 2010 and I had it show the warning to me again when I tried to get on the site. I basically told the Google Chrome Browser to ignore the warning and so far I am still here.

Still getting the warning upon bringing up the page. It is now after midnight. (22nd @ 12:07AM EDT)

Still getting the warnings as of the time of this posting. I even get them when I try to open the email at my Yahoo email box. The Net Gawds at Google must be angry with you. You will have to sacrifice two pure unused copies of Windows Vista, and an Iphone while wearing three piece suits, to appease them from the sound of it.

Still being blocked from the main page (using Chrome). The malware warning pops up twice, and then doesn't seem to bother me anymore after that.

mmmexperimental | March 22, 2010 1:17 AM

I couldn't get to the site with Firefox. It was block using Opera too until just a little bit ago. I tweeted to you about it twice. I was trying to visit the site on the page about the malware. I think you need to use another service to tell ppl what is going on other than your own site as we can't read the story or the update if its being block on your own site, right? OK, anyway, thanks! and now when I went to submit this I got redirected. ???

Lynn Miller | March 22, 2010 7:46 AM

When I try to visit via Firefox 3.6 (Vista, SP2) I have to jump through a couple warning screens, but then can access this article. However, much of the normal formatting is stripped.

When I visit with Chrome 4.0.249.78, I get through without any problems. I guess I am little surprised, since Chrome is a Google product and Google seems to be the problem.

Most browsers get their malware warnings from Google. IE gets its warnings from Microsoft. So it makes sense that IE would have different results to the other browsers.

TRiG.

i signed on with Mozilla Firefox and received a warning. I was attempting to read "On Selling Paranoia..." from the other day (3/21). The message i received was "Reported Attack Site."


I quote: "This web site at www.bilerico.com has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners."

now, mind you, i was at the public library at the time, so that's where the security settings come into play.

hopefully, this'll be corrected soon. i also logged in using Internet Explorer and went directly to the site without issues, and that's how I found your notice.

And now I can't even see the homepage with Firefox. And I can't bypass the malware warnings. Bug report filed: https://bugzilla.mozilla.org/show_bug.cgi?id=554084.

TRiG.

Interesting. I'm running Navigator 9 (I know, ancient!) on a Mac and have not gotten a single malware notification. I dont know if I should be worried or not. :-)

I somehow have not had the problem, but friends report having problems.

Love the 'argh' though I usually use two "r's",
as in "arrgh!"

Keep up the good work, I love this site.