Saturday, August 02, 2008

Is SiteMeter's site infected with a virus?

OK, this has happened twice during the course of today's exciting Internet adventures. The first time I wrote it off as just one of those things, and I wasn't sure that the virus that my AntiVirus program had snagged was associated with the particular site I had opened.

But it just happened again. I opened the SiteMeter News/Announcements Weblog, and - BLIP - I got a message saying that my Webroot AntiVirus had just stopped the virus Exp/SWFScene-A from installing itself on my computer.

What is this virus? Is this just some innocuous bit of code that my AntiVirus is misinterpreting as a virus?

You know what? I have no idea. It's been a long day, and I really don't feel like starting another online investigation. I'll e-mail this post to SiteMeter and see what they can figure out.


UPDATE, 8/3/08, 9:24 AM: Just tried it again and got the same thing. What does it mean? I'm guessing that "Exp" stands for "Exploit" and "SWF" for "ShockWave Flash." I don't think this pops up if I open the link to the specific post dealing with this issue. So is it connected to something that's on the main page that isn't on the specific post? Maybe the "Blogworld & New Media Expo" button on the next post down? And most importantly, is this a real virus, or is it something being misinterpreted as a virus?

This virus message always pops up after I deny a cookie from mafna.info. I can't find any information about this site, though it gets a side-mention on this page about Web Spam techniques.

UPDATE, 8/4/08, 9:18 PM: Just got a response from SiteMeter support:
Thanks for writing. We are currently aware of the problem and it has been resolved. If you are still experiencing the same problem or have any other questions, please let us know.

...Which sounds like a bedbug letter. So I'm not sure how to interpret it. But I do know two things:
  1. SiteMeter's News/Announcements Weblog looks different today than it did yesterday. Was there a virus lurking in one of the now-missing images?
  2. I can't upload the screen grab I just took of the new look to the SiteMeter News/Announcements Blog - or any other images. What's up with that?


UPDATE, 8/4/08, 11:07 PM: Looks like Blogger fixed the problem with image uploads. Here's the new, simpler, and virus-free "SiteMeter Weblog." Notice the differences from the above image.

Now virus-free!

4 comments:

Anonymous said...

Very odd indeed. We've got AV software installed on our side and I haven't seen anything really bad.

Hope you'll continue to stop by OPC even though the "crisis" has died down. Home Improvement really is a lot of fun :-)

Michelle HD said...

I think you might have this:

http://en.wikipedia.org/wiki/Zlob_trojan

D.B. Echo said...

Michelle, I'm pretty sure not. I didn't actually run my antivirus program in response to this message; it just said it had quarantined it - the first time around, it was in with a few things I know I had left in quarantine, harmless cookies from astronomy.com and tripod.com. So I just deleted it from quarantine. The functionality of the antivirus program when I was doing this was completely normal.

By the way, I just tried visiting that site again now, and the AV message did NOT pop up this time.

D.B. Echo said...

...and I just had a visitor from London come to my site with this search string:

exp/swfscene-a sitemeter

...for which I am the ONLY hit. So what's up with that?