Warning, this is a bad site!
February 25, 2007 11:39 AM

Why is Google warning that Yochai Benkler's site is bad? Here's Google's warning.

He's the author of a very good book and I've been to this site in the past. His whole book is available through the site. It also has a wiki. Is anyone familiar with malware in wikis?
posted by Toekneesan to Computers & Internet (6 answers total) 1 user marked this as a favorite
It seems to be a bug in the Google Toolbar; clicking on the link to "StopBadWare.org" in the warning page should give you a report as to why it's listed, but it claims it's not listed. Probably a glitch in the matrix.
posted by jferg at 11:45 AM on February 25, 2007

Unfortunately it's not a glitch in the matrix - this happened to a friend of mine. If a site gets this warning and isn't listed on StopBadWare.org it just means that Google have blacklisted it themselves - they don't share their reasons with StopBadWare, and provide no mechanism to find out why they've blacklisted you. The link to StopBadWare is something of a red herring.

Unfortunately there's nothing I can suggest as a remedy - Google are completely uncommunicative about this issue, which I think is scandalous.
posted by simonw at 12:34 PM on February 25, 2007

The wiki could be the problem - he really needs to scan through absolutely every page / link on the site looking for anything nasty. My friend's site was eventually re-included.
posted by simonw at 12:43 PM on February 25, 2007

Definitely something hinkey goin' on. When I load the page in IE 6, Spybot S&D asks if I want to allow a global start up ... (something) registry change and below that it says "xx_Shell", then the computer reboots. But with Firefox (plus NoScript and Adblock) I don't have a problem loading the page.
posted by squeak at 12:43 PM on February 25, 2007

Looking at the source file of that page, there's a single line of JavaScript that prints out an escaped string. That string, when escaped, resolves to an HTML IFRAME. That IFRAME points to a page which contains another IFRAME, which contains another obfuscated JavaScript which appears to write out a plug-in exploit that installs Christ-knows-what on your system. Nothing happens in Firefox because this exploit is IE-specific.

In other words, his page/server has been hacked and he is effectively hosting spyware on his site. squeak should probably be running all sorts of virus and malware scanners on his system, in case SpyBlock didn't catch it completely.
posted by Danelope at 12:54 PM on February 25, 2007 [1 favorite]
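
The pattern described in the answer above, as an added example that is not part of the original thread: a Node.js check a site owner could run over saved page source to find string literals passed to `unescape()` that decode to an IFRAME, without executing any of the page's script. The function names, the sample page and the `example.invalid` host are constructed for illustration.

```javascript
// Added example: static scan for document.write(unescape("%3c%69...")) style injections.
// Nothing from the scanned page is executed; strings are only decoded and inspected.

// Decode %XX and %uXXXX sequences the way the legacy unescape() does.
function decodeEscaped(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Return one finding per unescape("...") literal whose decoded text contains an <iframe>.
function findEscapedIframes(html) {
  const findings = [];
  const call = /unescape\s*\(\s*(["'])([^"']*)\1\s*\)/g;
  let m;
  while ((m = call.exec(html)) !== null) {
    const decoded = decodeEscaped(m[2]);
    const frame = /<iframe\b[^>]*>/i.exec(decoded);
    if (!frame) continue; // decoded text is not a frame; ignore it
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(frame[0]);
    // Injected frames are usually made invisible to the visitor.
    const hidden = /\b(?:width|height)\s*=\s*["']?0\b|display\s*:\s*none|visibility\s*:\s*hidden/i
      .test(frame[0]);
    findings.push({
      line: html.slice(0, m.index).split("\n").length, // 1-based line in the source
      src: src ? src[1] : null,                        // where the frame points
      hidden,
      decoded,
    });
  }
  return findings;
}

// Constructed sample: a wiki page with one injected line and one harmless unescape() call.
const injected = '<iframe src="http://example.invalid/x" width=0 height=0></iframe>';
const encoded = [...injected]
  .map(c => "%" + c.charCodeAt(0).toString(16).padStart(2, "0")).join("");
const samplePage = [
  "<html><body>",
  "<h1>Wiki</h1>",
  `<script>document.write(unescape("${encoded}"));</script>`,
  '<script>document.write(unescape("%48%69"));</script>',
  "</body></html>",
].join("\n");

for (const f of findEscapedIframes(samplePage)) {
  console.log(`line ${f.line}: hidden=${f.hidden} src=${f.src}`);
}
```

A hit only shows where the injected line sits in the page; the frame target should be reviewed as text, not opened in a browser.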

(guinea pig reporting for duty) First thing I did when the computer finished rebooting was run a few scans. Thankfully, whatever it was didn't get a chance to infect my machine.
posted by squeak at 8:21 PM on February 25, 2007
