This site may harm your computer

Google and Firefox both provide safe browsing features. These tools try to identify potentially harmful sites by working with groups like StopBadware. If you attempt to visit a site listed as harmful, Google and Firefox will display a warning message. In Google’s search results, you will actually see something the “This site may harm your computer.”

Removing your site from the malware list, requires that you first fix your site security and then use Google’s webmaster tools for a review of your listing.

IFRAME Exploits

Before we go over what the block looks like and how to remove that “This site may harm your computer.” warning, I want to go over why your site may be listed.

Over the past week, we have seen a rise in IFRAME based exploits. We are still gathering data, but the issue appears to be a trojan that hijacks any FTP accounts found on your system. The trojan is either piggybacking on open FTP connections or getting the passwords from the registry. Once this happens, the virus logs into your server and modifies index., home. or default.* files with an IFRAME exploit.

These worms link to sites like:
goooogleadsence.biz, google-ana1yticz.com, hostyapics.net, and others.

These sites in turn either redirect or have malicious code on them. As a result, your site will get flagged in Firefox or Google search results.

In Firefox, you will see:

In Google, you will see:

Remove the “This site may harm your computer.” Warning”

To remove the warning, you must first clean up your site. The IFRAME exploit is just one of many possible items. You will need to dig through Google’s pages to see why you are listed. In another case, we found a third party ad-network had an infected ad. The infected ad was triggering the block. Once you identify the source of the block, you will want to remove it, and if possible identify how the malicious code entered your site in the first place.

Typically, we find compromised passwords, end-user desktops or insecure web applications to be the vector for the exploit. You need to identify the cause to prevent your site from becoming infected again. These web parasites can quickly wreck your site’s reputation, so getting to the source of the issue is critical.

Google’s Webmaster Tools

Once you have cleaned up your site, you need to have a webmaster tools account with Google.

Once you have your account, you will need to add your web site. This requires you adding your site to their dashboard and then completing the site verification process. You verify your are the site owner by placing a page on your site. Google will provide you with the name of the page.

Once you have verified your site. You can then view it. On the overview page, you should notice a note about malware being on your site:

Click on the request a review link. You will typically get a response within 48 hours.

Summary

Following this procedure should get your removed from the block list. If you find that you still are blocked after these steps, then you may want to consider hiring someone to help you out. The key is to eliminate the method the attackers are using to modify your site.

As we continue to get more feedback on the IFRAME issue, I will send some updates.

Menu