Malicious website warning

One of the guys at work was trying to contact a mid-west company he’d done business with in the past. There was no response by phone, fax or email so he tried the web. He came and got me when virus warnings popped up in Firefox. When I got there it was prompting to download bogus antivirus software.

Quick ways to close the web browser without risking infection is

To be safe we ran scans with antivirus and anti-spyware software.

Here are the details:

Entering the site name (www.classicgears.com) directly in the address bar appears to open the website normally. I could browse around the website without problem.

Searching for “classic gears and sprockets” in Google, Yahoo and Bing and then clicking on the www.classicgears.com search link causes the browser to redirect to another site. The destination site claims the computer is infected and offers to download antivirus software. This occurs in Firefox, Chrome and Internet Explorer.

The redirect doesn’t happen when using a Mac though. The redirect only happened when using Windows. The website was clearly waiting for Windows users who were referred by one of the search engines (Google, Yahoo or Bing).
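The comparison described above can be scripted. This is an added example, not part of the original post: it requests one URL with and without a search-engine Referer, using Windows and Mac User-Agent strings, and reports which combinations are redirected off-site. It assumes the redirect is an HTTP 3xx response (a script or meta-refresh redirect would need the response bodies compared instead); the header values, `simulated_fetch` and the `.example` hosts are constructed.

```python
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Constructed request profiles (header values are assumptions, not from the post).
REFERERS = {"direct": None, "search": "https://www.google.com/search?q=example"}
AGENTS = {"windows": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/115.0",
          "mac": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15) Firefox/115.0"}

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; urllib then raises HTTPError for the 3xx

def http_fetch(url, headers):
    """Return (status, Location header) for one GET, without following redirects."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as r:
            return r.status, r.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def simulated_fetch(url, headers):
    """Constructed stand-in for a site behaving as the post describes."""
    if "google." in headers.get("Referer", "") and "Windows" in headers["User-Agent"]:
        return 302, "http://landing.example/scan"
    return 200, None

def host(url):
    """Hostname with any leading www. removed, so www redirects are not flagged."""
    return (urlparse(url).hostname or "").removeprefix("www.")

def probe(url, fetch=http_fetch):
    """Request url under every referer/agent profile; return off-site redirects."""
    findings = {}
    for rname, referer in REFERERS.items():
        for aname, agent in AGENTS.items():
            headers = {"User-Agent": agent}
            if referer:
                headers["Referer"] = referer
            status, location = fetch(url, headers)
            target = host(location) if location else ""
            if 300 <= status < 400 and target and target != host(url):
                findings[(rname, aname)] = target
    return findings

def is_cloaked(findings):
    """True when some profiles are sent off-site but others are not."""
    return 0 < len(findings) < len(REFERERS) * len(AGENTS)
```

Calling `probe(url)` with the default `http_fetch` contacts the site itself, so run it from a disposable or isolated machine; it reads only the status line and `Location` header and never loads the destination page.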

Pinging the website seems to show that it is hosted on megawebservers.com. I sent them a heads up.

Pinging www.classicgears.com [69.49.101.57] with 32 bytes of data

DNS record for 69.49.101.57: hostedc11.megawebservers.com

The destination site is www2.smoothsouthernsoulandblues.com <== DO NOT VISIT THIS URL UNLESS YOU WANT TO GET ZAPPED!