Take a look at what happened to our site:
On 2-10-12, we were advised by one of our clients about the Red Virus Warning placed on our search results by Yahoo and its partner McAfee Antivirus.
This partnership is called The Yahoo Search Scan Beta Program.
Our site effected: Radio Malaysia Online
I have been maitaning my website () for the last 6 and half year. Radio Malaysia is one of the best radio online at malaysia, I am not using malware content, spyware content in my website since launched. For the last 4 days I found Dangers Site from Yahoo Search Engine. I am not able to understand why this message coming when open my website. Radio Malaysia has hundred of users daily. this warning will impact on my genuine users. So that I request you to suggest me how to avoid this warning "Dangerous Site" on my website.
I am eagerly waiting for your positive reply.
Thanks and regards
Wan Arif (peace no WAR)
Message was edited by: masterg on 2/14/12 5:09:46 PM CST
I get nothing like that using a Google or Yahoo search. Only a grey assessment from SiteAdvisor meaning your site hasn't yet been assessed.
Here's a link on how to contact SiteAdvisor: https://community.mcafee.com/message/66185#66185
This looks like either a Yahoo problem, which would have nothing to do with McAfee, there is no partnership there, or the actual machine you are using is infected.
Any other clues?
What security software and version are you using? Also what operating system and service pack?
I see from the Yahoo Search options that their 'Safesearch' as they call it is still a beta product, so at best is unreliable.
Have you tried Yahoo support also?
Meanwhile someone from SiteAdvisor may be along soon and spot this.
Message was edited by: Ex_Brit on 14/02/12 8:16:22 EST PM
thank q because check this website for me, this you enter www.yahoo.com the type www.radiomalaysia.info ,
Okie im using Antivirus Internet Security Kaspersky. So when i type www.radiomalaysia.info the result become like picture like i attachment. Please some one can check my website what is actually happen. My site dont have warez download, all is cleen.. just here the radio only...
im already try yahoo support, but their nothing feedback.. so sad, this u have url feedback i can prefer...
anywere thank q peter see my website problem...
Ok I have asked one of my colleagues to help here as I really am not too sure about the workings of Yahoo Search. Please standby and he will give you his opinion.
The warning in the search results comes from Yahoo Safesearch - see http://www.marketingpilgrim.com/2008/05/yahoo-safe-search-serp-searchscan.html
However, that page also says
Yahoo’s new advisories are based on McAfee’s Site Advisor findings and are used to denote sites that may feature dangerous downloads (including dangerous downloads disguised as or packaged with legitimate downloads) and unsolicited email harvesters.
so SiteAdvisor or TrustedSource is also involved. TrustedSource shows no warnings on your site, nor does SiteAdvisor.
A Sucuri check on your site shows nothing at all out of the ordinary, and Google Safe Browsing says your site is and has been malware-free for 90 days up to the 6th of this month (although you say the warnings started appearing about the 10th).
When I go to the site there is a McAfee warning at the top of the page -
and the blocked content is apparently here -
If I hover the mouse over the greyed-out box the following pop-up text appears -
There is definitely something about this that you need to look at. Inspecting the HTML I see three lines which are suspect :
"swfstore.min.js" has the following header :
and these may perhaps be regarded as suspect. However, it is the first of those three lines of code which you really need to look at : the link is clickable, but when I click on it I get this -
- and when I insisted on continuing to the blocked page there was only the following code section -
- which SiteAdvisor has parsed and found to be in some way dangerous. I certainly see code to drop a tracking cookie, I see an iFrame, and I see "php?" followed by a long alphanumeric string; any of which might be the cause.
If you need to take this to the SiteAdvisor team to ask them to remove the block on your site page, you will need to show them that code and let them work out exactly what it is that is triggering the alert. If this is a false positive it has quite a complex cause, and perhaps the SiteAdvisor code may need to be amended to prevent any false positive from being triggered in the future. Or perhaps there is some dangerous construct in that code? I don't know enough to say either way.
Message was edited by: Hayton - entire section concerning iFrames removed after further investigation - on 15/02/12 03:43:17 GMT
That blocked content - I reloaded and permitted the entire page - is a Flash advertisement. So ... a possible Flash exploit? Because I'm viewing it in Chrome I automatically have the latest version of Flash, so I wouldn't see any Flash-related problems; and Chrome is sandboxed, which makes exploits much harder to implement anyway.
It's only a possibility, I won't put it any stronger than that. I need to test this in IE and Firefox to see how it behaves.
It's clear that the problem is not with your site but with "nuffnang.com.my".
According to Google Safe Browsing
hyton i'm really really happy what have u done to check up what my website problem... so it is my website radiomalaysia.info is free from virus? .. so that is mean the problem is come from nuffnang.com.my...
So what you recommend it, should i remove that advertisment or keep that that widget code from nuffnang?
i'm really pain now, what should i do... please advice to me what should i do guyz..
hayton i would like to saya million thank q for you... because u already detect what is problem on my website http://radiomalaysia.info .. you really help me about this think...
The only problem area I can see anywhere is that Flash advertisement. Try removing it from the webpage and see if the warnings disappear.
As I said, the problem lies with a third-party that you link to (nuffnang). Their site appears to be suspicious, so perhaps they have a virus, or the site has been hacked in some way.
Your own site is otherwise okay. Take out any links to nuffnang until their own problems have been resolved.
okie hayton, i already remove that nuffnang.com.my advertisment, so can you check back my website www.radiomalaysia.info izzit still have virus on my website? Please kay...