Google slaps malware warning on Radio 3 website

Discussion in 'malware problems & news' started by Dermot7, Sep 9, 2010.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.

    Attached Files:

  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I went there through Sandboxie and also had NoScript enabled. There weren't any suspicious 3rd party scripts I could see, just the top domain script (BBC) and a couple of ad servers. I use an ad blocker as well so none of them loaded for me. I'm 98% certain this is yet another case of a malicious ad on the website. In fact, more often than not, bad ads are the cause of these Google warnings. They are almost always cleared up in a day or two, but Google tends to lag behind in taking off its warnings. I think even something as simple as AdBlock Plus will take care of you in a case like this, but if you have other protections, you're more than likely quite safe.
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Anubis Analysis Report says something at that site changes security settings of Internet Explorer, performs file modification and destruction, and reads and modifies registry values, in addition to creating and monitoring registry keys.
     

    Attached Files:

  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    There's got to be some sort of ad serving up a trojan or something there. There just aren't any weird looking scripts at all there, if NoScript is to be believed.
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Or the Anubis analysis isn't correct.
    Just for fun, I re-submitted the unwrongest.com site (from this exploit thread a month and a half ago), and Anubis is still having a problem with malware on that site.
    My leaning is towards trusting the Anubis report, but nothing is really certain... that is, there could be other explanations for the results being produced. For instance, on that unwrongest thread linked above, Vlk noted that, "Most likely a referrer thing. Very common these days. The malicious content doesn't get served for arbitrary request, just if you're coming from a specific source. Also may be based on geoIP and similar things."
     
  6. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    dw426 and Page42, many thanks for your efforts and info on this. It seems that something is, or maybe was, happening for a short time on that site. Would be interesting to know what "auntie" BBC thinks of this.
     
Loading...
Thread Status:
Not open for further replies.