Saturday 8 February 2014

Malware Warnings, Bloggers, MADads Media, Nuclear Reaction - How To

Hey everybody, I'm back (I'm tired of giving excuses every time for my months-long absences, so don't expect one in this post, lol). Anyway, during this month's absence I got a total of three or four offers from companies to write honest reviews about them, and I promised to share my thoughts on their products after testing them, soon in February. But today's post is not an on-demand review. Today's post covers a MadAds Media review and a real story that just happened, in which thousands of websites got malwared like a nuclear chain reaction.

Today, when I got some time just before kick-starting work on an SEO campaign for some of my new niche projects, I got a message straight from my friend Syed Faizan Ali. Yup, you got it right, I'm talking about the guy behind My Blogger Lab, Templateism and many other startups which are now well known in the Blogger industry, nothing less than a tycoon.

The conversation started with a request to visit mybloggerlab.com. At first I guessed it was a normal request to check whether the blog was working fine, or maybe he had put something great over there. Look at the screenshot below to see what I saw when I tried to visit My Blogger Lab.

[Screenshot: Chrome malware warning on the blog]

Wow! "The Website Ahead Contains Malware", and Google Chrome has blocked visitors from accessing the website.

In most cases, along with the malware notice, Chrome also mentions the URL of the major source of the malware, for example when the warning is caused by a malicious link or a script that we use in our blog but that is hosted on a third-party website.

But it is clear from the above screenshot that we didn't get any clue about the malware distributor. So, in the beginning we didn't have any evidence of what had just happened to the site. I asked Faizan to confirm that he had not accepted any comments in the last two days, to eliminate the chance of something close to hacking. And he said "NO, Even I didn't make any kind of changes in my blogger lab". Then, as the next move, Faizan dressed MBL in a completely new template without any external scripts and some widgets, to make sure that none of the scripts used in the blog were hosted on third-party sites that had turned malicious. But nothing changed. Keep in mind that the traffic during this time had dropped to almost zero from multiple thousands of visitors. So, obviously, the longer the site remained down, the bigger the loss Faizan would have to face in terms of revenue, visitors' trust, SE visibility, etc.

In the meantime, Faizan got a malware confirmation message in Google Webmaster Tools:

Google has detected harmful code on your site. We recommend that you clean your site as soon as possible. If the malicious content is not removed, Google's search results may display a warning when users click a link to your site to protect them from malware.
and an email too, straight from the Google Search team:
Dear site owner or webmaster of mybloggerlab.com,

We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.

Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):

http://mybloggerlab .com/
http://www.mybloggerlab .com/
http://logocreator.mybloggerlab .com/

Here is a link to a sample warning page: http://www.google.com/interstitial?url=http%3A//mybloggerlab.com/

We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser

If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites: http://www.stopbadware.org/home/security

Once you've secured your site, you can request that the warning be removed by visiting http://www.google.com/support/webmasters/bin/answer.py?answer=45432 and requesting a review. If your site is no longer harmful to users, we will remove the warning.

Sincerely,
Google Search Quality Team

Note: if you have an account in Google's Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.com/webmasters/tools/siteoverview and going to the Message Center, where a warning will appear shortly.

Long story short, later on, when accessing MBL via search results, we got a new kind of malware warning with useful links in detail.

[Screenshot: Chrome malware warning]

When we diagnosed the blog link via Google's Safe Browsing diagnostic page, Google clearly named MadAds Media as the malware distributor. After that, Faizan removed the MadAds Media ads from the blog and submitted a reconsideration request via Webmasters.

How To Remove Malware Warning From Google

To make your blog accessible again and get it unblocked by Google after removing the malware content, you have to submit a reconsideration request. The process for submitting a malware removal request is quite simple. Just go to Google Webmaster Tools > Crawl > Security Issues > check 'I have fixed these issues' > click the 'Request a Review' button, all done.

Now, thanks to ALLAH (SWT), the blog was reinstated within five hours of submitting the reconsideration request. Unfortunately, we missed taking a screenshot of Google's diagnostic report for MBL (now it's not accessible), in which MadAds Media was clearly mentioned. Sadly, MadAds Media still hasn't fixed their malware-distributing link (http://deore-medias.org/); it's still blocked by Google with a malware warning.

Update: Syed Faizan Ali has now also provided a screenshot of the Google advisory report clearly showing MadAds Media as responsible. Check out the following screenshot:

[Screenshot: Google malware warning naming MadAds Media]


What will happen if I do not remove malware content from my blog?

Well, I'm not sure about WordPress or self-hosted blogs and sites, but I'm sure that after a few days your blog will get locked by Blogger if it's hosted on Blogger.com. Visitors will be redirected to a blogger.com page with a certain message on it.

This blog is under review due to possible Blogger Terms of Service violations and is open to authors only

Whereas when accessing your blog via blogger.com, you will see a yellow notice and a popup message saying that Blogger's malware-prevention robots have detected that your blog could cause malicious activity on a reader's computer, and that it's now locked because of a violation of Blogger's Terms of Service.

Why Did I Call This Malware Warning a Nuclear Chain Reaction?

I don't have an idea of the total number of publishers registered with MadAds Media, but for sure the active ones would be in the thousands (at least). For example, if 1000 publishers are using MadAds Media ads on their blogs, then all of them will be suspected as malwared by Google. After that, if any one of them is like My Blogger Lab, whose links are present as sitewide links in footers or sidebars or in posts, then all the blogs and blog posts linking back to resources like MBL will also be suspected as malwared by Google. And you guys know a total of 1500 unique domains are referring to MBL (source: ahrefs.com). Probably the MBL referrers will also have their referrers, and so on. I confirmed the malware nuclear chain reaction for MBL by searching Google for "powered by mybloggerlab". You can also test it by opening sites that refer to malwared sites, especially via a sitewide link.

Lastly, a small suggestion for all folks: don't panic if you are getting a malware warning on your blog. If it's only on a single blog page, go to the affected page and find the responsible malware distributor URL. If your complete blog is showing a malware warning, then the responsible malicious stuff is potentially present in your sidebars, widgets, or theme/template; check your sub-domains too for malicious downloads, plugins or software, or open .htaccess in WordPress to hunt for possible injected malicious scripts or redirects.
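The template check suggested above, as an added example that is not part of the original post: it lists every script, iframe, embed and object that a saved copy of the template loads from a host other than the blog's own domain, with the line where each one appears. The function name audit and all hosts in the sample are constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags that load and run or render remote content, and the attribute holding the URL.
REMOTE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class RemoteLoadAudit(HTMLParser):
    """Collect every third-party resource a template loads, grouped by host."""

    def __init__(self, own_domain):
        super().__init__()
        self.own_domain = own_domain.lower()
        self.third_party = defaultdict(list)  # host -> [(tag, line, url)]

    def _is_own(self, host):
        # The blog's own domain and its sub-domains are first-party.
        return host == self.own_domain or host.endswith("." + self.own_domain)

    def handle_starttag(self, tag, attrs):
        attr = REMOTE_TAGS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # Relative URLs have no hostname; protocol-relative ("//host/...") ones do.
        host = (urlsplit(url).hostname or "").lower()
        if host and not self._is_own(host):
            self.third_party[host].append((tag, self.getpos()[0], url))

def audit(html, own_domain):
    parser = RemoteLoadAudit(own_domain)
    parser.feed(html)
    parser.close()
    return dict(parser.third_party)

# Constructed sample template; every host below is a placeholder.
SAMPLE = """<html><head>
<script src="/static/site.js"></script>
<script src="https://cdn.blog.example/theme.js"></script>
<script type="text/javascript" src="http://ads.adnetwork.example/show.js"></script>
</head><body>
<div class="sidebar"><iframe src="//widgets.counter.example/badge"></iframe></div>
<div class="footer"><a href="http://other.example/">Powered by</a></div>
</body></html>"""

if __name__ == "__main__":
    for host, hits in sorted(audit(SAMPLE, "blog.example").items()):
        for tag, line, url in hits:
            print(f"{host}: <{tag}> at line {line} -> {url}")
```

It reads only the tags present in the saved HTML; anything an included script injects at runtime will not appear, so each listed host still has to be checked on its own, for example on Google's Safe Browsing diagnostic page.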

One more thing: keep in mind that your blog will not necessarily get blocked and show the malware warning across the entire internet. In the above case the blog only showed the malware warning in Chrome, not in Mozilla Firefox, Internet Explorer or other online proxies. Well, for the MadAds Media review you can hit MBL, where Faizan is going to publish a stunning review of this ad network that will help you decide whether to choose it or keep it any more or not :P Over to you!

14 comments:

  1. My website keeps redirecting to mybloggerlab.com. I don't know why. I am using Ubuntu 12.02 and Firefox

  2. @webdevelacc; what is your site url?

  3. Hi, thank you so much for getting back to me. It's doing it again today. My site url is, http://schnizzle.biz/

    It's even redirecting from the front page.

  4. ^ I thoroughly checked your site and didn't find any kind of script/link that can cause redirect. Even your site is not doing redirect, at least not right now.. Seems you fixed it yourself.. :)

  5. Yes, thank you for checking. That's very kind of you.

    I checked too and can't find anything either but my site is still redirecting to mybloggerlabs.com. I am going to talk to my host about it.

    I will definitely let you know what happens.

    Thanks again for checking :-)

  6. btw also check it after clearing browser's/system cache/cookies, if you haven't done it yet! I hope this gets fixed soon.. :)

  7. Hi, well I talked to my host. They can find no problems on their end. I talked to mybloggerlabs.com Syed Ali and he did not say he is aware of any reason my site should redirect to his. Though, I am not sure he clearly understood what I meant. I reset my browser etc but my site is still redirecting to his site occasionally.

    Not sure what to do...

    Carlos

  8. Not 100% sure but I guess finally I nailed it.. disable peel effect and remove this script >>> < script language="javascript" type="text/javascript" src="http://webmasters.totemcash.com/js/mblpeel.js"> < / script > above.

  9. OK, thank you. I think you are right.

    I also found a piece of foreign code stuck in a tinymce folder in a copy of Wordpress that I downloaded to my computer for reference. Not sure how this happened. But, I think the code in my copy of Wordpress is infecting js files as I download them from the net.

  10. Hi, I just wanted to update you on my problem. I deleted those files and have discovered that when I download files from the internet, like the javascript file you suggested I remove, they are becoming infected somehow. I am using Ubuntu 12.04 LTS on my machine. So, don't believe anybody that tells you Ubuntu is virus free. It's certainly not, lol.

    I installed some anti-virus software called ClamTK for Ubuntu and found 11 infected files.

    But, as for my website, it no longer redirects to another site, and hasn't done so for about a week, so I think we nailed it.

    Thank you for the help. I added a link to your site from my credits page here: http://schnizzle.biz/grateful-credits/

    Please, let me know if that's OK.

    Carlos
    Schnizzle.Biz

  11. Good information, really helpful

  12. Hi again Carlos,
    I'm so glad you not only nailed it but fixed it yourself, too. Wow, this is great pleasure for me to see myself with a link back in your 'Super Peeps' list with a bunch of kind words..:) Thank You so much boy.. I highly appreciate this..

    btw, check out this url, which I found when I decoded the last few lines of that specific peel effect JS url.. http://ddecode.com/hexdecoder/?results=75f12140dc59eb3357a572625a90ea0f #Reason2RedirectOnMBL

  13. Very good article! I had the same problem with redirecting on mybloggerlab and now I have a solution, thank you, it works well. I read some articles about this malware on http://removalbits.com/ but I couldn't use it correctly. I will follow your blog for new information, Syed.