Is there anyone that could help me with this:
I have a few websites up and running and i have now started reciving a McAfee warning about the site when i type in the url to the search bar,
is this because the site has not been tested yet? if so how can i get the site tested ? lol
im new to this
Message was edited by: Hayton - modified subject header to add site names - on 16/02/12 20:36:08 GMTSolved! Go to Solution.
Your Javascript malware has been identified as the results of a serious attack involving the Blackhole Exploit kit. As your sites were constructed using WordPress it is possible that (although the version is shown as 3.3.1) they were in fact built using an earlier version, since 3.2.1 is known to have been vulnerable to malware attack.
Malware entry: MW:JS:160
Description: This malware infects a web site through a compromised desktop (with virus), where it steals any stored password from the FTP client and uses that to attack the site.
Note that every PHP, HTML and JS file can get compromised by this malware. On some variations of this attack, it is also compromised through vulnerable versions of Timthumb/WordPress.
Some anti virus programs will flag this type of malware (after infecting a computer) as Blackhole Exploit kit or similar names.
Affecting: Any web site with FTP enabled (and password stolen).
I think you need to add a certificate of the website to Mcafee. I'm just not sure on how to do this.
A warning means more than Not Tested. What's the website?
2 sites. www.electikrecords.com and www.mundermusic.com the warning is not coming up for me anymore but from what i know it is for others?
If anyone wants to offer help with this id be really greatful
Hi james,
Please Submit your rating dispute via email at support@siteadvisor.com or online at http://www.siteadvisor.com/userfeedback.html. During the evaluation of this dispute, McAfee communicates with site owners via email.
Regards,
It's not just a case of a SiteAdvisor false positive, or site testing not yet complete.
First, McAfee isn't blocking either of these sites, or showing warnings about them. The sites have a proviional Green rating, but testing of them is not yet complete (the SiteAdvisor pages for them show the grey question mark symbol). The blocking and warnings come from elsewhere.
The Google Safe Browsing page for electikrecords.com is HERE, and this is Google's blocking page :
Sucuri gives this site the thumbs-down because of Google's malware notice :
BrowserDefender says OK but shows the server is in Lithuania. Is that right?
mundermusic.com in Chrome says it needs to install an additional plug-in but doesn't say what that might be. Not Flash, because I have that. What plug-in is it asking for?
SiteAdvisor has this site as Green but Sucuri site checking gives a different picture -
BrowserDefender has not rated this site but says the server is in the United States : Chrome Flag info shows it somewhere in the Russian Federation. I would have expected these two sites to be on the same server?
Neither SiteAdvisor not TrustedSource shows any problem with these sites, and ratings from other bodies (including Norton SafeWeb) show no problems. Some of those tests will be more recent than others, but both sites must for the moment be considered as infected with malware.
You should probably contact Google as a matter of urgency, since their flagging of electikrecords as a malicious site will be noted and copied by other rating bodies. And check the javascript code listed in the Sucuri analysis - there are about 8 or 10 separate malware detections shown.
Message was edited by: Hayton on 16/02/12 20:21:24 GMTYour Javascript malware has been identified as the results of a serious attack involving the Blackhole Exploit kit. As your sites were constructed using WordPress it is possible that (although the version is shown as 3.3.1) they were in fact built using an earlier version, since 3.2.1 is known to have been vulnerable to malware attack.
Malware entry: MW:JS:160
Description: This malware infects a web site through a compromised desktop (with virus), where it steals any stored password from the FTP client and uses that to attack the site.
Note that every PHP, HTML and JS file can get compromised by this malware. On some variations of this attack, it is also compromised through vulnerable versions of Timthumb/WordPress.
Some anti virus programs will flag this type of malware (after infecting a computer) as Blackhole Exploit kit or similar names.
Affecting: Any web site with FTP enabled (and password stolen).
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: