Google Chrome/Chromium reporting MP3Car.com as malicious

**mcore** · 08-30-2012, 04:41 AM

I was greeted with these pages this morning while attempting to open the forum. Apparently, Google has recently identified something they don't like.

Name: 1.png
Views: 239
Size: 79.3 KB

The same occurred when I opened the Attachments window for this message.

**daclothe** · 08-30-2012, 10:15 PM

Firefox says the same thing

**redheadedrod** · 08-31-2012, 08:03 PM

I get the same thing with firefox.. Does have a place to report that it is not.. It even describes the malicious programs it has found as mentioned in above message.

**Poita** · 08-31-2012, 08:30 PM

I got the same with all 3 browsers... IE, Firefox and Chrome.

**Freak4Dell** · 08-31-2012, 10:20 PM

Yup, getting it here, too, with both Firefox and Chrome.

**optikalefx** · 08-31-2012, 11:40 PM

Hey guys. I've been on this for 3 days now. We've removed a bunch of attacks but I think there are still more. Hopefully this will be fixed soon enough.

**mayhembdm666** · 09-01-2012, 11:36 PM

Have you made any changes recently as to what information the cookies / server side tries to obtain?
If you create a google analytics account/ webmaster account. It should report what is the trigger of this warning.

Google is constantly crawling and re-crawling the web, all the while finding new and changed websites. These websites are found by following links from other websites, crawling URLs submitted by webmasters and users, and so forth. Sometimes, during that process, we discover a website where something doesn't seem right. A website may look like a phishing website, designed to steal your personal information, or it may contain signs of potentially malicious activity that would install malware onto your computer without your consent. If we find a website that looks like it's a phishing page, it gets added to a list of suspected phishing websites. If we find a website that contains signs of potentially malicious activity, we start up a virtual machine, browse to that website, and watch what happens. If we see certain activities happen on that virtual machines (such as viruses being downloaded and installed), we add that website to a list of suspected malware-infected websites. The process for discovering suspected malware-infected websites is described in more detail in a paper written by Niels Provos and colleagues from Google's anti-malware team.

Googles Report Which will list what is currently still an issue

What happened when Google visited this site?

Of the 1189 pages we tested on the site over the past 90 days, 59 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-09-01, and the last time suspicious content was found on this site was on 2012-09-01.
Malicious software includes 8 trojan(s), 8 exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.

Malicious software is hosted on 4 domain(s), including iisbubble.info/, implementingsigner.info/, hijackerssudden.info/.

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including klevfincnoci.org/, downsidehighend.org/.

This site was hosted on 1 network(s) including AS46562 (COLO).

**optikalefx** · 09-02-2012, 12:24 AM

Thanks. We do have webmaster tools setup which has helped me kill most of the attacks. We seem to have a recurring injection attack that is just putting some link to a malicious site at random times. So we're doing all we can to find the hole and patch it along with fixing current attacks. To this point no personal information is at risk.

**sparx** · 09-02-2012, 08:25 AM

Mp3car is showing up as a reported attack site in firefox (and google) - and Avast alerts me there is a virus/malware/trojan/etc if I come in from google

Edit: I see I managed to miss another post about this - sorry guys!

**redheadedrod** · 09-02-2012, 01:13 PM

Chances are this is due to an unsanatized input..

You are likely getting an Injection attack after someone found an unprotected routine. If this is in the forum software I would hope that the original creator of the forum has a fix for it... If it is custom software you need to check your routines that save data to the database and look for anywhere you save things to. Chances are you have something somewhere that is allowing code to be saved without being checked for code.

Also you need to look at the code you use for uploading pictures since Malicious code can be hidden as picture files. When someone opens the picture the computer will run code hidden in the picture.