Warning - visiting this web site may harm your computer!

Google warning about several stardock owned domains

from Stardock Forums

Searched google for "does nexus the jupiter incident have a first person cockpit view" and coincidentally the first hits were from joeuser.com and other stardock domains.  Much to my surprise and your dismay, clicking those links netted a page that said:

 

http://www.google.com/interstitial?url=https://forums.joeuser.com/334930

Warning - visiting this web site may harm your computer!

Suggestions:

Or you can continue to https://forums.joeuser.com/334930 at your own risk. For detailed information about the problems we found, visit Google's Safe Browsing diagnostic page for this site.

For more information about how to protect yourself from harmful software online, you can visit StopBadware.org.

If you are the owner of this web site, you can request a review of your site using Google's Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

Advisory provided by

Google

 
11,916 views 4 replies
Reply #1 from Stardock Forums Top

Doing a quick investigation, it looks like you're getting flagged thanks to user subdomains on wincustomize, joeuser and (surprisingly...) sdcentral.net, amongst others.  I'll leave you to dig into this further, but as an example, here are two separate warnings that list some (not all...) problematic subdomains:

 

Safe Browsing

Diagnostic page for AS26554 (US)

What happened when Google visited sites hosted on this network?

Of the 232 site(s) we tested on this network over the past 90 days, 6 site(s), including, for example, baisecurity.ca/, stardock.com/, wincustomize.com/, served content that resulted in malicious software being downloaded and installed without user consent.

The last time Google tested a site on this network was on 2010-10-10, and the last time suspicious content was found was on 2010-09-29.

Has this network hosted sites acting as intermediaries for further malware distribution?

Over the past 90 days, we found 1 site(s) on this network, including, for example, sdcentral.net/, that appeared to function as intermediaries for the infection of 6 other site(s) including, for example, kfc.joeuser.com/, hc.joeuser.com/, joeuser.com/.

Has this network hosted sites that have distributed malware?

Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 6 site(s), including, for example, vbcbtpuvbvf.com/, qjisfimqbvf.com/, gderudmgfds.com/, that infected 14 other site(s), including, for example, alselcon.com/, yoursites.org/, vignaclarablog.it/.

Next steps:

and......

 

Safe Browsing

Diagnostic page for forums.joeuser.com

What is the current listing status for forums.joeuser.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 15 pages we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-09-27, and the last time suspicious content was found on this site was on 2010-09-27.

Malicious software is hosted on 1 domain(s), including livertip.com/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including sdcentral.net/.

This site was hosted on 1 network(s) including AS26554 (US).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, forums.joeuser.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

Reply #2 from Stardock Forums Top

And...finally, I see Firefox with default protection options will flag attempts to link directly to certain parts of stardock sites as "A reported attack site".  The URL I tried was "https://forums.stardock.com/398799" <--- don't click it, silly

 

Reported Attack Page!


This web page at forums.joeuser.com has been reported as an attack page and has been blocked based on your security preferences.
       
Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

 

 

 

 

Sorry about triple posting.  The rich formatting made it difficult to copy/paste what I was seeing, then add new text without the stupid formatting.  I decided to not care about triple posting and just post the info I was seeing so that you can get to fixing it faster.

 

Offworld Trading Company
Reply #3 from WinCustomize Forums Top

https://forums.wincustomize.com/397587

 

Reply #43

We apologize for the inconvenience folks.  We have taken multiple steps to try and resolve this issue, but it is now in Google's hands.

Note: For those of you installing and uninstalling your browser: Don't.  The issue is not your machine or your browser.  You have not been hacked or compromised.  This is a problem with Google and our sites.  It will be resolved in time. 

Bara

Reply #4 from Stardock Forums Top

Thanks for the link.

I especially enjoyed the part where people started reinstalling their browsers, or started using browsers other than Firefox.  Or, god help the one that recommended Opera because it he thought the issue was browser based.