[nefarious]

Have you seen this:



Google Safe Browsing diagnostic page for www.computrackboston.com/


Safe Browsing
Diagnostic page for G.M.D. Computrack NorthEast

What is the current listing status for G.M.D. Computrack NorthEast

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 4 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 06/26/2008, and the last time suspicious content was found on this site was on 06/16/2008.

Malicious software includes 8 trojan(s). Successful infection resulted in an average of 1 new processes on the target machine.

Malicious software is hosted on 1 domain(s), including 58.65.232.0.

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, G.M.D. Computrack NorthEast did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

[OreoGitorio]

Huh.... that must be why the site is blocked at work

[nefarious]

yeah thats what you get if you try to access the site from a google search

[gmdboston]

Any one know how to fix it????

[SVRACER01]

Quote:

Originally Posted by gmdboston

Any one know how to fix it????

that statement is PK code for...."huh?"

[Kurlon]

Edit: Ok, if you go to the GMD Boston home page, and 'view source' you'll see a nasty little obfuscated piece of javascript down at the bottom of the source. That's what Google is triggering on. I'm going to wager the server your site is hosted on has an SQL server backing it, and it got nailed by a drive by sql injection attack, which puts that string on the bottom of every piece of html it could find.

To translate the script, go here: HTML & JavaScript Encoder/Decoder

To fix, every piece of html on the site will have to have that removed. If you've got everything backed up locally, just re-upload the site.

[ssg]

Weird timing, I just went to visit Pete's site and symantec went apeshit so I figured I'd see what had occured recently...Symantec pointed me here:

Downloader - Symantec.com

I didn't check the site out after that but the issue claims to be with update.htm

[ZipPhReaK]

Good News ! The site is fixed now, and the only part of his site the code was attached was the front page. I removed it from the html, and all is good. He just has to get it touch with Google now to get off the "bad list".

If you traced the code it came from a web hosting company in Hong Kong. Crafty little nigerians.

[ceo012384]

You fixed PK's virused website? He totally owes you an Ohlins TTX.

[DBConz]

where's denno with the *nerd alert*