I was surprised by the sudden appearance of this Google chrome warning when visiting specific pages of this blog. It says:
https://www.braincontour.com contains content from nuled.in, a site known to distribute malware. Your computer might catch a virus if you visit this site.
Google has found malicious software may be installed onto your computer if you proceed. If you’ve visited this site in the past or you trust this site, it’s possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.
This is the first time that I’ve gotten this type of warning on my blog. I tried loading the same questionable pages using Firefox and IE and did not get the errors at all. It looks like it was a Chrome-specific issue.
The Google Webmaster Tools listed 11 infected pages. Most of these posts do not even have outbound links in them. Google suggested I should identify the warning source and address the underlying vulnerabilities.
Details of the page warning says: “When Google last tested this page, your server returned content that directed the browser to a site that serves malware. Unfortunately, Google could not isolate the malicious code within this page.”
“…content that directed the browser to a site that serves malware”, how will that be possible? A quick site diagnostic run revealed that this blog isn’t currently listed as suspicious, never hosted malicious software over the past 90 days, but indeed could function as a distributor of malware to visitors who clicked the link nuled.in.
I spent time finding help from stopbadware.org on how to identify badware behavior and how to remove them. Specifically, I looked for malicious scripts that are often used to redirect visitors of my site to a malware-infected website. Then I thought of the Infolinks script I added few days ago. The date when I added it, matched the date that’s listed on Google Webmaster Tools when it detected the infected pages on June 12, 2012!
Since I could not find other malicious scripts nor hidden frames, I decided to delete the Infolinks script. Then I ran an online site check scanner. Results:
Further checking results to some good news.
– Your domain is not listed at Google Safe Browsing Blacklist. It means that probably there is no malware or phishing.
– The antivirus claims that there is no infected files on your website.
Was the Infolinks script the cause of the page warning? I am not exactly sure. What I am sure about is, after removing it, the pages loaded just fine and the warning disappeared. My thinking is, the problem was not specifically on the page but on Infolinks ads appearing on the page. It could be that one of the ads was linked to nuled.in!
I love Infolinks. I will put the script again if someone could give me more inputs about this issue.