- Thursday, 8 January 2009
- INQ Mobile
- RSS Feed
We do not write because we want to; we write because we have to - Somerset Maugham
Google now says JavaFX product blog is dangerous
A DAY after we reported about Google's anti-malware warnings applied to an old Palmsource software guide, we found that it is also flagging a perfectly legit Java FX company blog as a potentially dangerous site as well.
Reportmill is a small yet well known software firm in the Java marketplace. Based in Texas, it created a reputation for itself with its namesake reporting tool for Java applications, now at version ten, which allows to easily create reports as PDF, export data to Excel files, and more. So, it really caught our eye when we saw, once again, the legend "This site might harm your computer" attached to an otherwise legit web site.
Like many users, we used Google to find the web site for the firm's JavaFX visual development tool, "JFXBuilder " using this innocent search string. Instead, like in Palmsource's case, we got an interceptor web page with references to malware: "You can choose to continue to the site at your own risk. However, please be aware that malicious software is often installed without your knowledge or permission when you visit these sites".
So the INQUIRER contacted Reportmill, and showed them our screen shots, the same ones you can see here. We originally thought the firm would be incandescent about it. Yet, apparently being a Search Goliath has its benefits... small firms do not get too upset about anything, and this scribbler suspects that's because most small firms' sales actually depend on search engine results.
Joshua Doenias told the INQ: "We've seen this warning from Google and are looking in to it, but haven't yet identified the problem. Personally, I think this is a useful service that Google is providing. If someone has added some malware to my site behind my back, I'd much rather hear about it from Google than from an angry customer whose hard drive has just been trashed."
For the record, this scribbler checked the web site and there was no malware
whatsoever. Jeff Martin from Reportmill blamed it on the site's blog which ran
an older version of Wordpress, and on which apparently comments were inserted
with links to questionable web sites: "I assume that Google has some automatic
virus scanning software." he said, adding: "It did actually seem like our blog
page got hacked - though I don't know if it was necessarily dangerous to the
user, it just inserted a link in our blog text to some questionable site".
It really speaks volumes for Google when experienced software developers can't easily find a way to remove the "Malware warning" from their site. "A few times I've gone to the Google page that talks about why they've flagged these pages this way, but I can't decipher their instructions for getting the pages exonerated by Google," concluded Martin.
Firefox 3.0 says the sky is falling
First an ancient PalmOS applications catalogue flagged as dangerous, and now a JavaFX product blog. INQuiring minds want to know if these are isolated incidents or if, in fact, Google's intelligent algorithms are too sensitive and are flagging a lot of perfectly honest sites as purveyors of malware, just because a spammer pasted rogue URLs into a blog's comments section. µ
Share this:
Business Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
According to IE7 and AVG free, the problem comes from a page called wp-stats.htm from http://www.wp-stats-php.info/iframe/wp-stats.php. AVG is flagging it as a trojan downloader.
Quote: Of the 14 pages we tested on the site over the past 90 days, 10 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 07/01/2008, and the last time suspicious content was found on this site was on 07/01/2008. Malicious software includes 15 trojan(s). Successful infection resulted in an average of 2 new processes on the target machine. ... Has this site hosted malware? No, this site has not hosted malicious software over the past 90 days. In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message. ------------- Seems fair enough to warn then eh, 15 trojans might be false detects but 2 new processes doesn't sound like it is to me.
I'd be more concerned if you used Google to search for "Microsoft" and it DIDN'T flag as a malware site.
The point is that Google is usually *right* about malware being available on the site, even before the owners know it. This is especially true for all the "blog" pages out there, which invite posting by all kinds of nasty spammers and phishers. As to getting removed, clicking about 3 times on Google will lead you to this URL: <http://www.stopbadware.org/home/reviewinfo>, where you can apply for removal.
I went to that JavaFX blog and all of a sudden I've got Avira Anti-Vir telling me it's picking up a malicious script in my browsers temporary files. Either everyone's heuristic engines are a bit broken, or perhaps the blog DOES have some malware on it (by mistake).
Add mobo maker Foxconn to the list... They are the only makers with a non 780g amd chipset to have an sb700 ....its a 770 mobo...I wanted to go to thier site to make sure it was not a newegg screwup but google was blocking me.
> AVG is flagging it as a trojan downloader. That's because it *is* a trojan downloader. wp-stats-php.info is a known Chinese exploit server. > in fact, Google's intelligent algorithms are too sensitive and are flagging a lot of perfectly honest sites as purveyors of malware, just because a spammer pasted rogue URLs into a blog's comments section. Rogue URLs are nothing to do with it. It is a compromised web page that is entirely capable of infecting you if you simply visit it. Please do check what's actually on the page before pronouncing "in fact" that Google is wrong. > It did actually seem like our blog page got hacked - though I don't know if it was necessarily dangerous to the user Yes, you got hacked, YES it's dangerous to the user! It's an iframe loaded whenever the page is, not a link someone has to click - you only have to View Source to find that out! > I can't decipher their instructions for getting the pages exonerated by Google Free clue: getting your pages exonerated means first you have to FIX THEM. Get the compromised box off the net and stop infecting your users for goodness's sake. Everyone else: please do not visit this site just to see what happens. You cannot necessarily rely on anti-virus to protect you from all the latest web exploits.
I know a couple of site owners who've gotten blocked, and both of them did find malware on their sites, specifically in the PHP based forums. The problem is that when Google does find something, they don't contact the site owner. I don't know why they don't, but I'm glad they protect those poor bastards running Windows from themselves <EVIL GRIN>. Seriously though, I'm glad that Google is doing this, and so should all those using Windows. After all the alternative is your computer becoming a botnet slave, and credit card numbers being sold to the highest bidder. Again, remember that machines running Solaris, OSX, BSD, Linux, OS2, etc. are immune to this sort of stuff. If you can't switch operating systems, consider running Linux as a virtual machine and using that to access the interwebs.