Malware warning

Johnny_L.A · January 4, 2009, 10:03pm

I clicked on a link at another site and received a malware warning. I had the option of ignoring, or closing the page.

Is this a legitimate warning? If it is, with all of the malware out there why do I see such warnings only rarely? Where does the warning come from? I’m running OS 10.4.11 with the latest security update. Does it come from my OS? Safari? My ISP? Or is it a ‘fake’ warning?

LSLGuy · January 4, 2009, 10:06pm

Not nearly enough info to answer. You received a malware warning from what? What did it look like? Where did it appear on the screen?

There are more and more infected websites which display popups which appear to be malware warnings but are really invitations to download and install malware, not anti-malware programs.

If what you saw looked like it was inside a browser window, the odds are very high it was one of those false solicitations.

Johnny_L.A · January 4, 2009, 10:13pm

That’s what I want to know.

It looks like this.

EDIT: The link is to a screenshot, not the actual page.

mks57 · January 4, 2009, 10:27pm

That looks like a message from your web browser. Google has a service that flags web sites that have been infected with malware. A web browser can use that service to check for problems before it loads a web page. It’s a legitimate warning. Visiting such a web site with an insecure browser can result in your computer being compromised. It doesn’t have to be a porn or warez site for your computer to be attacked.

Johnny_L.A · January 4, 2009, 10:38pm

Interesting. Where can I ‘see’ this service?

mks57 · January 4, 2009, 10:43pm

Johnny_L.A · January 4, 2009, 10:48pm

Is Safari a ‘client application’?

mks57 · January 4, 2009, 10:55pm

Yes.

Johnny_L.A · January 4, 2009, 10:59pm

So is it reasonable to assume that this is an integral part of Safari, and I have no control over it? (Not that I’d shut it off, of course!)

mks57 · January 4, 2009, 11:26pm

See Safari’s security preferences.

Johnny_L.A · January 4, 2009, 11:32pm

Aha. I checked Tiger’s security settings, but I forgot to check Safari’s. It does indeed say to ‘Warn when visiting a fraudulent website’. That’s a very cool feature.

Thanks for all of the info.

rbroome · January 5, 2009, 1:27am

I believe it is an optional security protection. Safari and Firefox can be set to check a database of sites known to be serving malware. If one visits those sites, you get that page. I have seen it several times lately. Usually sites I shouldn’t be visiting in the first place anyway so no loss to skip the site…

Patch · January 5, 2009, 4:28am

Ummm… the warning message gives a link to the Google Safe Browsing Diagnostic Page at “easywebsiteauditor.ru”. Isn’t it more likely it’s a scam and they’re trying to direct you to use that like and thereby go to an infected page? I have a hard time imagining Google storing their diagnostic services in Russia, and Frith knows friends have gotten serious spyware/malware infections from there.

cckerberos · January 5, 2009, 4:33am

Not at, for.

Patch · January 5, 2009, 4:47am

Ah.

Well, then. I’ll just be… leaving.

groo · January 5, 2009, 8:12am

This is interesting. I looked in both Safari and Firefox in both Tiger and Leopard, and didn’t have such an option. Did you (anyone?) install something like the Google Toolbar or Google Apps or somesuch? (Or is it a Chrome thing?)

On my Windows Vista machine (which rocks, which is a strong statement from such a pro-Mac person as myself), I have McAffee super-panduperious-mega-expensive protection against everything, and it didn’t show an alert for the prorev.com/legacy.htm page in your browser.

IAC, I found my way to a demo of “Safe Browsing” on google, and the window they showed looked the same, so the error message you saw appears to be legit.

P.S. When you put screenshots up, do you intend to note your interest in Clinton conspiracy theories, Indiana Jones or handgun auctions? I only ask that because, in a dispute with Amazon at one point, I sent them a screenshot which coincidentally-on-purpose showed that I had another tab open to www.ftc.gov, and “attorney general” was in the google search box. The matter was resolved rather quickly, to my satisfaction, though I have no idea if anyone picked up on my hints. In a related, humorous note, there’s also a picture I saw somewhere (probably failblog.org) wherein a happy couple were posing for a picture, and right there on the nightstand was a big old tub of Anal Lube.

Johnny_L.A · January 5, 2009, 2:47pm

Safari => Preferences => Security. The first line is Fraudulent sites.

I was checking out the Indy fan site last year, but rarely go there anymore. They have a gun section, and I like pre-WWII firearms. As for the gun site, I think everyone knows I like shooting. That site is like eBay for guns. I shouldn’t go there, since it can be expensive. I still need a .32 Colt 1903, a Walther P.38, a Luger P.08…

You threw me with the ‘Clinton conspiracy theories’, as I’m not aware that I have anything on my toolbar. Then I remembered that the site was one a CCT cited for the ‘Clinton Death Count’. I admit I have a little fun poking far-Right types with sticks, and I wanted to see what he was saying before debunking his claims.

The_Surb · January 5, 2009, 3:21pm

Not to be pedantic but, isn’t that link a url*? And if so, wouldn’t it be at this URL and also for this website?

Using a common but not always accurate definition of URL.

Johnny_L.A · January 5, 2009, 3:28pm

I did a Crtl+click (right-click to PC users) to copy the URL to see if that’s where it’s going. Instead of the normal menu to choose the Copy address option, I was taken directly to this page:

Google Transparency Report [Formatting not copied.]

Safe Browsing
Diagnostic page for easywebsiteauditor.ru

What is the current listing status for easywebsiteauditor.ru?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2008-12-19, and the last time suspicious content was found on this site was on 2008-12-19.
Malicious software includes 8 trojan(s), 4 scripting exploit(s). Successful infection resulted in an average of 0 new processes on the target machine.

This site was hosted on 2 network(s) including AS48511, AS44997 (UATELECOM).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, easywebsiteauditor.ru did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 10 domain(s), including prorev.com/, daytonac.com/, bpaindia.org/.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google’s Webmaster Help Center.

Beware_of_Doug · January 5, 2009, 3:54pm

If you must

They don’t look all that happy.

Topic		Replies	Views
here is the warning I get with the BIG RED SCREEN About This Message Board	10	6878	June 5, 2010
Scam on the new computer Miscellaneous and Personal Stuff I Must Share	20	1608	September 12, 2019
Chrome just flagged this site as malware for me About This Message Board	432	73145	May 21, 2014
Firefox Website Warning About This Message Board	2	1117	May 14, 2014
A Malware warning on the SDMB About This Message Board	5	5565	May 27, 2010

Malware warning

Related topics