Google "malware Code Injection" Warning

[keepersmith]

Hello,

I am hoping that some folks here might be able to help with a Revive-related issue my company has been having.

Our website (http://www.grocerycouponnetwork.com/) recently got listed by Google as a a Malware site.

I was hoping that somebody else might have some experience with this and could help shed some light on the issue.

 

Useful information:

* We are running Revive 3.0.5, with no additional plugins installed.

* The evidence presented by them in Google Webmaster Tools specifically referenced our Revive iframe tags:

<iframe id='a409f70a' name='a409f70a' src='http://rev.grocerycouponnetwork.com/www/delivery/afr.php?zoneid=3&amp;cb=784531156' frameborder='0' scrolling='no' width='300' height='250'>

* We had 2 banner networks rotating at the time - Google AdSense and Yahoo Media.net.

* We have no compromised database tables or anything - I have done a thorough check (both via httpd/access_log and revive tables), and no unauthorized access has occurred and there is no extra tag prepend code or anything like that.

* We removed our Revive tags altogether and requested a malware review - Google de-listed our site 18 hours later.

* We have since put Google AdSense tags back on the site (directly, not via Revive), and have experienced no further issues.

* Media.net is a big Yahoo-affiliated company that works with lots of advertisers, and when their tags are tested directly they do not return links to suspicious websites.

* Google "safebrowsing" check says that we have *not* hosted malware, just that we were "listed for suspicious activity".  This means that we did not directly return any malicious code to users (http://www.google.com/safebrowsing/diagnostic?site=grocerycouponnetwork.com), but linked through to compromised sites via our ad-tags.

 

So, we have narrowed the problem down to either A) Revive, AdSense, or C) Media.net.

Has anybody else had anything like this happen to them?  Is it possible it is some un-documented security hole in Revive 3.0.5?

If I can't find any evidence that the issue is with Revive, and we determine that Google AdSense would not send people to malware-ridden sites, then by process of elimination we would point the finger at Media.net.

 

Any help or thoughts or experiences would be greatly appreciated.

 

Thanks much-

 

 

[Snoork Hosting]

Hi,

I have checked your site really quick and it's showing that it's malware free at the moment. You did have a lot of malware reports thought from what I can see. The malware was probably coming from your ads, as Revive Adserver is pretty secure by itself. It also shows that malware wasn't hosted on your site, so it was coming from 3rd party content.

Thank you.

[vocalist]

I had a similar issue when using OpenX - there was NO malware at all - the ads were all via ad networks using trusted merchants - the issue was solved by contacting Google via the webmaster tools and advising them of this and the issue was resolved. Unfortunately, adservers like OpenX and Revive sometimes return a false positive so if you are 100% sure that your ads are 'clean' then might want to try the same. 

 

Oh and BTW - Google Adsense is not beyond sending folk to malware sites either - they are after all just another advertising platform who only check the advertisers on initial sign up (if at all!!). I use Adsense on a couple of sites and have had to block many of their advertisers due to this