Where is this virus message coming from?

Posted on 2009-04-30
Last Modified: 2013-11-22
Yesterday, I received this message from a visitor to my website:
This morning about 9:30am or so (Wednesday), I went to your site and clicked on the column and headline about cuts at clearchannel.  At that time, a security alert appeared warning of the following virus
I am advised that this virus is one that invades a computer to copy keystrokes etc.
Thought you would want to know.
The link that the visitor clicked on appears in an RSS feed, along with other links. The page itself has been up for about 45 days with no reports of any type of problems at all.

You could probably call me a low-end intermediate user. As such, I have no idea how the visitor got the message she wrote to me about. I visited the page and did not receive any warning.

Where is it most likely to be coming from? The RSS feed/site? Her computer? My web page, somehow? Someplace else?

The page is the home page to my site, You'll see the RSS feed at the right hand side and the link that the writer referred to is still there, "Second Round of Job Cuts Hits Clear Channel Radio Nationwide."

Thanks for your help.
Question by:RadioGeorge
    LVL 7

    Assisted Solution

    It is her computer, if you and nobody else have been promted with that kinda message..

    The virus on her computer is posiablly injecting the Javascript on anysite or "popular" sites on here computer.

    This is the most posiable solution, I am not getting any promt up and im running a pretty disent Virus checker program
    LVL 4

    Accepted Solution

    Here are the details about the virus:

    Note this is a proof of concept virus, meaning that the original virus doesn't really do anything other than prove some new technique. In this case it proves that a mutating virus can be written using a scripting language. That being said someone may have rewritten it to actually do something harmful.

    It is a javascript based virus. So by looking at your code I would have to say the virus was coming from the widgetbox you have on your site. Now when I try to click on it from within a virtual machine I have I don't get any warnings either and I use a fully up to date virus program with spyware detection. It's possible that the user simply had a false positive. There are a few virus programs that are very sensitive and give a lot of false positives. Either way I do not believe the virus would be coming from your code alone.
    LVL 17

    Assisted Solution

    The clients software on their own computer might be incorrectly identifying your code as a virus. This is called a false positive. Make sure you double check your code and make sure the files arent tampered with. Run a virus scan on your servers root folder to make sure but it is probably nothing.
    LVL 16

    Assisted Solution

    I have just been to the website and nothing. My antivirus didn't popup. Its most possibly a false-positive as other experts have already said.

    Author Closing Comment

    Thank you, guys. I also wrote to the techs at, the site that creates the feeds and they pretty much echoed what you said. I've written to the emailer and let her know what the verdict is for her information as well.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now