Welcome to WebmasterWorld Guest from 54.196.175.173

Forum Moderators: incrediBILL & martinibuster

Message Too Old, No Replies

HTTP Trojan Mebroot Request served through AdSense?

my users are complaining about a trojan

     

bcc1234

4:13 pm on Apr 26, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Is anybody else seeing this?

A bunch of users on my forum say they are getting warnings from their antivirus programs. Is it a false positive or is some advertiser trying to spread infected flash ads?

maximillianos

5:17 pm on Apr 26, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



We had this happen a few months back. Turns out it was a problem with our banner ad network (TribalFusion). They told us one of their IP addresses got on the virus list by mistake. They told us it would be fixed in the next update of the user's anti-virus software.

We said that was not acceptable. We suggested they swap that IP out. They offered no other solution and just kept telling us to re-install their code. We dropped them. It was making us look pretty bad, like we had a virus on our site.

Turns out we make more by running an Adsense image banner there than we did with their ads, so it was a net gain for us, and a big net loss for Tribal... ;-)

bcc1234

5:32 pm on Apr 26, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



After searching a bit, I saw some references to the "Real Media" network.

It looks like one of Google's ad partners.

If there is a way to confirm this, then we could simply block that network in the AdSense settings.

bcc1234

5:32 pm on Apr 26, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



maximillianos, I agree. This makes my site look really bad. People think that we are somehow spreading the trojan or that the forum is infected.

b8caster

6:00 pm on Apr 26, 2010 (gmt 0)

5+ Year Member



YES! I've been getting the same reports from my visitors since Friday 4/23. I have seen very little about this, so it appears Google isn't aware of the issue. So I have blocked all 3rd party networds on Adsense for now (102 of them!). I don't know yet if this will temporarily solve the issue.

I'd sure like to hear directly from Google on what they're doing about this, and an ETA when it will be fixed.

bcc1234

6:51 pm on Apr 26, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I just blocked all networks. Wonder how much time it takes to go into effect.

On a side note, I was wondering what it would do to my ecpm. I wanted to try blocking them all and run this test for a while. I guess now is a good opportunity to try it.

b8caster

7:13 pm on Apr 26, 2010 (gmt 0)

5+ Year Member



I'll take the temporary hit in ecpm. I can't afford to have visitors think MY site is delivering viruses!

netmeg

7:58 pm on Apr 26, 2010 (gmt 0)

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Every time I've seen this happen before it's turned out to be some weird thing with the AV program. I used to see it from time to time with Trend Micro. Then they'd issue another update, and it would go away.

b8caster

8:03 pm on Apr 26, 2010 (gmt 0)

5+ Year Member



I initially thought that too, unfortunately this is coming from visitors with different AV programs (Avast, Norton, McCafee, etc)...all at the same time. It's extremely unlikely all the AV programs have the same problem at the same time.

bcc1234

9:55 pm on Apr 26, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Same here. Different AV vendors. So either they pull signature databases from each other or there really is an infected ad somewhere on the ad network.

b8caster

9:02 pm on Apr 27, 2010 (gmt 0)

5+ Year Member



It's been 24hrs and I've seen no drop in my ecpm. In fact, I noticed an increase. Go figure!

Still no word on the viruses, but I have found more threads elsewhere reporting various viruses being spread via adsense.

I've had no reports of viruses since removing those networks.

bcc1234

11:46 pm on Apr 27, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Same here. I see a lot fewer flash ads. So most of them probably came from other networks. ECPM is the same so far, but it's too early to tell.

And yes, no more reports of a virus from the users.

I might actually keep the settings this way.

bcc1234

3:26 pm on May 29, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Well, I'm getting reports from users again.

Anyone else?

Leonard0

7:03 pm on May 31, 2010 (gmt 0)

5+ Year Member



Not me (so far), but I am concerned about the effect this could have on the Adsense program.
Have you reported it to Google?
There is an Adwords feedback form at [adwords.google.com...]
but it seems to be mainly for reporting offensive ads, not ads with malware.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month