Jan 132013
 

Free YouTube Downloader

I noticed this morning when publishing a new WordPress post that it contained a link to “Free YouTube Downloader” that I had not placed When I investigated some more I found more Free YouTube Downloader links in various fields, attempting to hide itself by also inserting about a dozen linefeeds first so that the field looks empty unless you scroll way down.

I had just written a post last night and this rogue url was not inserted anywhere in the post. MY first I suspicion was that a virus had infected my computer or possibly my WordPress code. Microsoft Security Essentials found nothing on my computer and my WordPress virus plugin had not detected any new code.

I decided to eliminate a possibility and started up Firefox to edit the post. Interestingly, the Free YouTube Downloader rogue url was not anywhere to be seen. I went back and edited the post using Chrome and the rogue url inserted itself again.

Web Video Downloader 2.2

Having isolated the problem to the Google Chrome Browser, I turned off all the browser extensions to see if one of them was the culprit. Sure enough, the problem was gone, so I turned the extensions back on in groups till the problem reappeared then isolated it to a single extension, Web Video Downloader, which probably should have been my first guess. I have had this plugin installed for quite a while though not sure what I ever actually used it for. It is interesting that it would wait so long to deliver its malicious payload. Just remember to disable/remove the extension on each of your computers! I didn’t think about it and after fixing it on one computer found the problem occurring on my other machine. duh!

The extensions website link from the Chrome Browser Extension page reported that the extension had been removed by its author. Sure wish Chrome would let the user know when an active plugin is removed. Only thing I can assume is that this extension got updated with some bad code inserted

Here is the link that was inserted into my WordPress blog fields:
  http://download.cnet.com /Free-Youtube-Downloader-Pro/3000-2071_4-75329731.html
When I searched Google for the string “3000-2071_4-75329731” I found a number of other sites with this same link, so I am not alone.

Sep 202012
 

When I happened to pop into Webmaster Tools today (for a completely unrelated reason) it reported that some kind of malware had been detected on this site. Argh! Of course nothing that was clickable on the warning page gave me any idea of anything concrete I could do to fix the problem so I resorted to a Google search “google find malware” which brought up a few suggestions for me to follow.

Severe health issues found - Malware detected

I ran the Sucuri SiteCheck on my site and it showed I was ‘clean’ everywhere except for some site called Yandex which had blacklisted my blog.

Domain blacklisted by Yandex

It took me about 20 minutes to sign up with Yandex so I could find out what ‘malware’ they had detected. Turns out it was an old issue that I had already fixed from back in March but they had never rescanned to see that it had been corrected. I submitted a request for them to rescan my site and remove the malware notification. Was sure glad it was not something serious but wish they had updated their system sometime in the last 6 months.