Malware warning

Post Reply New Topic

Under the Arts, Writing, and Music subforum, I am getting a Malware warning when I click on the topic titled "What's your favorite architecture style?" A page pops up saying "Danger: Malware ahead, proceed with caution". I backed out obviously but wanted the people in charge to know.

Are you using firefox; it may just be a security setting issue.

I am getting the same warning courtesy of Chrome and i'm using a secure/443 connection.

I'm using Chrome also

Which post on that thread causes the problem?

It's not possible to inject malware directly into a post here, but it's conceivable there could be some sort of malware - real or mis-detected - attached to one of the images linked on that thread.
If it's possible to drill down to a specific image then I can simply edit the post to unlink it - but since the malware would exist off WP, that's about the extent of the action taken.
It would also be immensely useful if an indication of why it is considered malware could be given, because false positives also happen.

It seems to be on the first page as pages 2 and 3 do not seem to cause a warning.

If you do a right-click | open in new tab on a post's direct link, the tiny icon immediately to the left of the "Posted:" header on each post on the first page, you should hopefully find your browser only objects to malware on one post opened in a new tab.
That being the case, paste the link here and that will be the post I'll edit.

No clues on why it claims it's malware, then?

It may be the image in the post from Postures on page 1 (Thu Mar 18, 2010 10:13 am).

My security settings block the image, and I get security warnings if I try to load it manually...

Hmm, odd - the link is broken anyway for the image in that post because the site it's on can't be found so if that post is the cause of the alert, clearly it's not the image...
So maybe the site name has been associated with malware? Or, it's a bogus warning generated because the link is broken.

I've completely removed that image link - would someone please try the thread to see how Chrome behaves now?

All clear.

Excellent.
One more test: I've added a string which simply mentions the site name that was used, with no reference to a file name.
That ought to prove it's the site name and not a broken image link which causes the alert.

Since everyone seems to have wandered off leaving my test unanswered, I'll take that as being "no change".

The site concerned doesn't exist and more to the point, there is no DNS record for it either - so it cannot exist.
The IP which was once assigned to it is now assigned to someone else.

I assume this information will eventually trickle into the data Chrome used to generate that malware warning so it becomes updated - and the same goes for Google: its "Safe Browsing" diagnostic page has nothing much to say about it except to indicate that it was considered a risk at one point:
http://google.com/safebrowsing/diagnost ... /&hl=en-gb

So the malware alert was a false positive, and based on stale information.

It's interesting to read Google's report on the BBC website - at least, at the time of making this post:
http://google.com/safebrowsing/diagnost ... /&hl=en-gb