Where is this virus message coming from?

Posted on 2009-04-30
Medium Priority
Last Modified: 2013-11-22
Yesterday, I received this message from a visitor to my website:
This morning about 9:30am or so (Wednesday), I went to your site and clicked on the column and headline about cuts at clearchannel.  At that time, a security alert appeared warning of the following virus
I am advised that this virus is one that invades a computer to copy keystrokes etc.
Thought you would want to know.
The link that the visitor clicked on appears in an RSS feed, along with other links. The page itself has been up for about 45 days with no reports of any type of problems at all.

You could probably call me a low-end intermediate user. As such, I have no idea how the visitor got the message she wrote to me about. I visited the page and did not receive any warning.

Where is it most likely to be coming from? The RSS feed/site? Her computer? My web page, somehow? Someplace else?

The page is the home page to my site, www.radiogeorge.com. You'll see the RSS feed at the right-hand side, and the link that the writer referred to is still there, "Second Round of Job Cuts Hits Clear Channel Radio Nationwide."

Thanks for your help.
Question by: RadioGeorge

Assisted Solution

aamodt earned 200 total points
ID: 24274349
It is her computer, if you and nobody else have been prompted with that kinda message.

The virus on her computer is possibly injecting the JavaScript on any site or "popular" sites on her computer.

This is the most possible solution. I am not getting any prompt up and I'm running a pretty decent virus checker program.

Accepted Solution

my2eggs earned 1400 total points
ID: 24274491
Here are the details about the virus:


Note this is a proof-of-concept virus, meaning that the original virus doesn't really do anything other than prove some new technique. In this case it proves that a mutating virus can be written using a scripting language. That being said, someone may have rewritten it to actually do something harmful.

It is a JavaScript-based virus. So by looking at your code I would have to say the virus was coming from the widgetbox you have on your site. Now when I try to click on it from within a virtual machine I have, I don't get any warnings either, and I use a fully up-to-date virus program with spyware detection. It's possible that the user simply had a false positive. There are a few virus programs that are very sensitive and give a lot of false positives. Either way I do not believe the virus would be coming from your code alone.
LVL 17

Assisted Solution

OriNetworks earned 200 total points
ID: 24274693
The client's software on their own computer might be incorrectly identifying your code as a virus. This is called a false positive. Make sure you double check your code and make sure the files aren't tampered with. Run a virus scan on your server's root folder to make sure, but it is probably nothing.
LVL 16
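
The answers above point at third-party script (the feed widget) and at checking that the site's own files have not been tampered with. As an added example, not code from this thread, the Python below lists active content a page loads from other hosts and hashes its inline scripts for comparison against a known-good copy. The sample URL, hosts and paths are constructed placeholders, and hosts are compared by exact name (an assumption).

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Tags that load active content, mapped to the attribute holding the URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class ActiveContentAudit(HTMLParser):
    """Records third-party active content and hashes of inline scripts."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlparse(page_url).hostname
        self.third_party = []    # (tag, host, absolute URL) loaded from other hosts
        self.inline_hashes = []  # SHA-256 of each inline <script> body
        self._inline = None      # buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(ACTIVE_TAGS.get(tag, ""))
        if url:
            full = urljoin(self.page_url, url.strip())
            host = urlparse(full).hostname
            if host and host != self.site_host:
                self.third_party.append((tag, host, full))
        elif tag == "script":
            self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            if body:
                self.inline_hashes.append(hashlib.sha256(body.encode()).hexdigest())
            self._inline = None

def audit(html, page_url):
    parser = ActiveContentAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser

# Constructed sample page: hosts and paths are placeholders, not the real site.
SAMPLE_URL = "http://www.example.com/index.html"
SAMPLE_HTML = """<script src="/js/menu.js"></script>
<script src="http://widgets.example.net/feed.js"></script>
<iframe src="//ads.example.org/frame.html"></iframe>
<script>document.title = "home";</script>"""
```

Saving the `third_party` list and `inline_hashes` from a known-good copy of the page gives a baseline; a new host or a changed hash on a later run is what to investigate.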

Assisted Solution

warturtle earned 200 total points
ID: 24283295
I have just been to the website and nothing. My antivirus didn't pop up. It's most possibly a false positive, as other experts have already said.

Author Closing Comment

ID: 31576654
Thank you, guys. I also wrote to the techs at widgetbox.com, the site that creates the feeds, and they pretty much echoed what you said. I've written to the emailer and let her know what the verdict is for her information as well.
