
Thursday, March 12, 2009

Blogcatalog gets hit by malware Trojan distribution adverts.

[Image: malware warning]

Update: BC finally reveal what happened here.

It seems that some of the ads that BlogCatalog has been carrying are for websites which infect vulnerable computers with malware/trojans.

Here is the Google report on why they are issuing the warning.

[Image: google analytics page]

To see a larger clearer image of the report click here.

It seems that malware-distributing Flash banners associated with the IP address 82.98.193.102 have been known about since at least October 2008: http://msmvps.com/blogs/spywaresucks/archive/2008/10/31/1652595.aspx

Norton Safe Web reports 18 virus threats at that IP: https://safeweb.norton.com/report/show?name=82.98.193.102

OK, we can say that BlogCatalog has been carrying the ads in good faith, and how were they to know that these adverts were disreputable?

Well, you can just about get away with that generous line of thought until you scrutinise some of the ads BC has been carrying a bit more closely. 7 days ago Polybore started a discussion complaining about the low quality of the ads on BC.

http://www.blogcatalog.com/discuss/entry/are-the-bc-banner-ads-annoying-you

During the discussion Polybore scrutinised one advert that was particularly bugging because it was advertising link selling, which Google really frowns upon. In a sense: buy a link from us and watch your Google PageRank fall like a stone, which looks like a scam. They imply they can get you a link on the PR 10 US.gov website. Yeah, right, and Polybore can get you a nice condominium on the moon.

Here is the ad in question.

[Image: bc ad trim]

The ad rotates to display how much it costs to buy a link, starting from $1.48. Now, the fact that the site advertised is selling links is suspicious in the first place, but it gets worse. Polybore visited the site that is selling links (fortunately without getting a Trojan) and found it has a Google PR of 0, yes, zero. Who is going to buy a link from a site with a PR of zero?

Polybore has to say that BC has brought this problem on themselves. It was obvious that these ads were of a very low quality and some were for products verging on scam. BC could have avoided this problem and, unless BC gets their ads sorted, it is likely to happen again. It can take a while for these warnings to be taken down by Google etc. and it is just not worth the risk.

Come on BC, get the ads sorted.

14 comments:

  1. Thank you for this post. It explains a lot including the issue with BC crashing nearly non-stop last week. I understand that BC needs to generate revenue to stay in business, but you're right. They should be more thorough in vetting their ads prior to posting them on the website.

  2. I encountered the block this morning and was shocked -- thought the block was malware! Very annoying since now you can't do anything on BC, even visit your own profile. I found that direct links in my old email notes work -- go figure.

    I also complained about the flashing ads which are so distracting and force you to page half-way down the page to get to pertinent information. The response was 'we need ads since the site is free' --- okay then maybe charge a registration fee but don't overwhelm us with ads!
    Thanks for this post...

  3. thanks for this post
    now how long does this take to clear up?

  4. Excellent post, too bad BC chose to lock your discussion link to this blog post too but we can come here and discuss the topic freely. This explains a lot of the crashing, flashing ads, malware and spyware coming out of BC lately not to mention that I did remove all my Communities from BC because I suspected something funky going on but there are many reasons besides that why I did choose to remove my communities from BC anyways. Of course it serves no purpose to speculate but the mind goes where it wants. The IP address 82.98.193.102 look up doesn't say too much and who the heck is this Oliver Van Loven anyways? BC does have a problem with their ads and that is obvious and I sure hope they clear it up because right now the cheap ads make the site look cheap even after the new redo and I have to laugh at all those snotty "know it all's" who come out in the discussions to tell us not to click on Adsense links and do our due diligence but BC sure didn't do their due diligence when they chose to air these cheap spyware/malware ads for us members to click on. This is really rather very funny to me. ROFLMAO

  5. I loved your post. Thank you very much. You explained the whole situation in a far better way than anyone else I've read over at BC. Thank you.

  6. Thanks for the positive feedback everyone.

    lisleman, regarding how long it will take to fix, it is difficult to say. Provided BC identify and take down the guilty ads the risk will be over. The problem now though is that Google have flagged BC, specifically blogcatalog.com/users as "This site may harm your computer". So the warnings will not cease until Google is satisfied that the risk is over.

    Jeunelle. Yeah the dodgy IP. Polybore's guess is that what they do is set up a website and fill it with viruses, spyware and the like. Then buy a bunch of cheap ads. By the time the site is flagged they have infected thousands of computers and trawled them for bank details etc. Like the winkeychecker(.)com mentioned in the Google report.

    If this siteanalytics website is anything to go by, winkeychecker(.)com has had 90 thousand hits since it appeared in January. http://siteanalytics.compete.com/winkeychecker.com/

    Soon the website will be gone but the damage will have been done.

  7. Yup that might also explain why something just kicked my Firewall right out, this was weeks ago when the site was crashing. I had to call my company to get them to reinstall the Firewall and they still can't tell me what kicked it out but of course I am not speculating that it is linked to BC but it was suspicious.

  8. feh. you aren't serving Any ads on this site (or else my ad block plus is succeeding). BC serves up huge numbers of ads in order to support a very professional destination web site. As soon as the problem was brought to their attention they began trying to solve the problem in three different ways (appealing to Google, removing the ad and changing the URL's) and you are Still flaming them. feh.

  9. Alan, Polybore appreciates that BC need to carry ads to generate income and Polybore enjoys using the BC site. However if you are so cool with ads on BC why are you running an ad blocker?

    Not quite sure how you can say Polybore is flaming anyone. All Polybore has done is report what happened and suggested that BC be a bit more circumspect about the ads they run.

    Polybore is sure that BC has handled this in the best way they can. You must bear in mind that Polybore wrote this post before BC provided any information as to what had happened and what they were going to do.

    Having said that when BC started running those suspect ads they were taking a risk that something like this would happen.

    Actually this blog does carry ads (google adsense). Polybore is confident that Google checks them for malware before serving them up.

  10. Thanks for this information. Until now I still cannot open my viewers from my blog 'cause the security warning will come out. Hope BC will soon fix it.

  11. Polybore published a fact..supported with a Google Report at that. I find his subsequent analyses (on the kinds of ads that were put up by BC on their site) revelatory and helpful, because I got aware of such ads and specific malicious sites.

    What I couldn't understand is why a very balanced and unbiased article like this could still be branded as "flaming".

    Flaming what? Flaming who? I see no intention whatsoever on the part of the author.

    In fact I commend this article and I am Stumbling it and Tweeting it for all the world to read.

    Thanks Polybore for the article. You may want to change your name to Polyinteresting..but only if you want.

    good day,

    mizdi

  12. I didn't click any of the advts in BC. Even then my PC was attacked after I visited BC. Though my AV could remove the trojan, it reloaded after every reboot. I then ran the AV/Firewall upgrade to get rid of this problem. It was annoying and I had a horrible time for 2 days.

    How can this trojan attack my PC without my clicking the advts? Something fishy? Is BC becoming unreliable?

  13. The problem with these Flash based malware distributing adverts is that you don't have to click on them to get infected. See here for more details. http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1341749,00.html

    It is really important to keep Flash up to date and also important for Web sites like BC not to allow their ads to run scripts.

  14. Ironically, I've been having this problem for the past couple of days. Since I dare not go back to BC because of it, I have no way to notify them. Ah well.

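Comment 13's advice that sites should not let their ads run scripts can be checked in the ad markup a site serves. The following is an added example, not code from the original post or from BlogCatalog: it flags Flash embeds whose `allowScriptAccess` setting is `always` and, going beyond the Flash case discussed on this page, ad iframes with no `sandbox` attribute. The `ads.example` host and the sample markup are constructed.

```python
from html.parser import HTMLParser

class AdMarkupAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []      # (rule, source URL) tuples
        self._object = None     # settings of the <object> being parsed

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}  # names arrive lowercased
        if tag == "embed":
            self._check_flash(a.get("src", ""), a.get("allowscriptaccess", ""))
        elif tag == "object":
            self._object = {"src": a.get("data", ""), "access": ""}
        elif tag == "param" and self._object is not None:
            name = a.get("name", "").lower()
            if name == "movie":
                self._object["src"] = a.get("value", "")
            elif name == "allowscriptaccess":
                self._object["access"] = a.get("value", "")
        elif tag == "iframe" and "sandbox" not in a:
            self.findings.append(("iframe-without-sandbox", a.get("src", "")))

    def handle_endtag(self, tag):
        if tag == "object" and self._object is not None:
            self._check_flash(self._object["src"], self._object["access"])
            self._object = None

    def _check_flash(self, src, access):
        # "always" lets a SWF from any origin call JavaScript in the embedding page.
        if access.strip().lower() == "always":
            self.findings.append(("flash-allowscriptaccess-always", src))

def audit(markup):
    parser = AdMarkupAudit()
    parser.feed(markup)
    return parser.findings

# Constructed sample ad slots; ads.example is a placeholder host.
SAMPLE = """
<embed src="http://ads.example/banner1.swf" allowScriptAccess="always">
<object data="http://ads.example/banner2.swf">
  <param name="AllowScriptAccess" value="Always">
</object>
<embed src="http://ads.example/banner3.swf" allowScriptAccess="never">
<iframe src="http://ads.example/slot4.html"></iframe>
<iframe src="http://ads.example/slot5.html" sandbox="allow-popups"></iframe>
"""
```

Calling `audit(SAMPLE)` returns one finding each for banner1, banner2 and slot4; banner3 and slot5 pass.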