• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 376
  • Last Modified:

Where is this virus message coming from?

Yesterday, I received this message from a visitor to my website:
--------------------------------------------------------
This morning about 9:30am or so (Wednesday), I went to your site and clicked on the column and headline about cuts at clearchannel.  At that time, a security alert appeared warning of the following virus
JS/Xilos
I am advised that this virus is one that invades a computer to copy keystrokes etc.
Thought you would want to know.
---------------------------------------------------
The link that the visitor clicked on appears in an RSS feed, along with other links. The page itself has been up for about 45 days with no reports of any type of problems at all.

You could probably call me a low-end intermediate user. As such, I have no idea how the visitor got the message she wrote to me about. I visited the page and did not receive any warning.

Where is it most likely to be coming from? The RSS feed/site? Her computer? My web page, somehow? Someplace else?

The page is the home page to my site, www.radiogeorge.com. You'll see the RSS feed at the right hand side and the link that the writer referred to is still there, "Second Round of Job Cuts Hits Clear Channel Radio Nationwide."

Thanks for your help.
0
RadioGeorge
Asked:
RadioGeorge
4 Solutions
 
aamodtCommented:
It is her computer, if you and nobody else have been promted with that kinda message..

The virus on her computer is posiablly injecting the Javascript on anysite or "popular" sites on here computer.

This is the most posiable solution, I am not getting any promt up and im running a pretty disent Virus checker program
0
 
my2eggsCommented:
Here are the details about the virus:

http://vil.nai.com/vil/content/v_99460.htm

Note this is a proof of concept virus, meaning that the original virus doesn't really do anything other than prove some new technique. In this case it proves that a mutating virus can be written using a scripting language. That being said someone may have rewritten it to actually do something harmful.

It is a javascript based virus. So by looking at your code I would have to say the virus was coming from the widgetbox you have on your site. Now when I try to click on it from within a virtual machine I have I don't get any warnings either and I use a fully up to date virus program with spyware detection. It's possible that the user simply had a false positive. There are a few virus programs that are very sensitive and give a lot of false positives. Either way I do not believe the virus would be coming from your code alone.
0
 
OriNetworksCommented:
The clients software on their own computer might be incorrectly identifying your code as a virus. This is called a false positive. Make sure you double check your code and make sure the files arent tampered with. Run a virus scan on your servers root folder to make sure but it is probably nothing.
0
 
warturtleCommented:
I have just been to the website and nothing. My antivirus didn't popup. Its most possibly a false-positive as other experts have already said.
0
 
RadioGeorgeOwner/ProgrammerAuthor Commented:
Thank you, guys. I also wrote to the techs at widgetbox.com, the site that creates the feeds and they pretty much echoed what you said. I've written to the emailer and let her know what the verdict is for her information as well.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now