It's about exploring and sharing my creative adventures (mostly sewing these days) ~
~those activities that sometimes obsess, usually inspire, occasionally frustrate
~and always provide a delightful maze to wander through.

Monday, October 3, 2011

What's with all of the Malware Warnings?

Is it just me?   For over a week now, every time I click on certain blogs, I get a warning sign that says "WARNING!  Something's not right here... ***.blogspot.com contains content from hungryzombiecouture dot blogspot dot com, a site  known to distribute malware" I just clicked on a new post from one of these sites, and the malware warning also points to adventuresindressmaking dot com as a malware carrier.

It doesn't matter if I click from my Dashboard, from Google Reader, or from my blogroll, I get this message.

I haven't been keeping track of the sites this happened on, but today it happened when I clicked on  Stepalica and Lucky Sew and Sew's blogs.   I don't want to continue to their site & get their email addresses, so I can't send messages & ask them if they know what's happening.

I have never had a virus issue since I switched to a Mac, so I'm not too concerned for myself, (hope I don't need to be!), but I am concerned for the folks who might be infected.....   Is anyone else getting these messages?  Is there anything that I, or we, should be doing about this?

Thanks for any advice.....

ETA:  A response (I don't think it's directly from Google, but from someone who appears to know what's going on) over at the Google help center:


"There is a widespread issue occurring with Blogger currently.  What happened is there is a 3rd party utility from blogutils . net that is used on many Blogger sites  and  blogutils . net  got hacked and the utilty started returning malicious code.  Just about every Blogger site using that utility got flagged.   blogutils . net  has cleaned up the hack and the utility is no longer returning malicious code, but any Blogger site which got flagged by Google will continue to show the warning until a malware review is done by Google and the site is cleared."


ETA.1:  Shannon at hungryzombiecouture.blogspot.com is now malware free!   (See comment #31 below).   Hope the rest of the infected are able to clean things up as well :)

33 comments:

Anonymous said...

Just clicked on the blogs of a few of those you follow. Did not get any messages.

Anonymous said...

Ooops, that was my comment.
---gloriastitches

Fran said...

I have gotten lots of malware warnings this week on several of my favorite sewing blogs. I also haven't gotten a virus since I got my Mac last year- but I'm still afraid to visit those sites and I'm starting to miss them!

Jillybejoyful said...

Stepalica is the only blog currently on the first page of my blogroll that I get that message from; I just tried again, still get the message :(

So far we have one who gets the message, one who doesn't. Odd. I'm still too leery to visit any sites w/ that warning though :(

vtmartha said...

I'm a Mac user and not getting those messages. Is it possible that you have picked up the MacDefender malware described here: http://www.tuaw.com/2011/05/19/macdefender-malware-protection-and-removal-guide/ ? It's a scam to get you to purchase the cleaning software, picking up your cc # in the process.

shams said...

I am also getting that warning on Shannon's blog (Hungry Zombie). The last time this happened to a blogger (that I was following) was Ann Steeves of Gorgeous Things. She couldn't do anything to fix it, so she switched to Wordpress. It's a shame.

shams said...

I just clicked Stepalica from your blogroll and it's fine for me. (I'm also on a Mac - I don't think that has any thing to do with it.)

marysews said...

I was following hungryzombiecouture, but the irritating messages stopped after I unsubscribed from that blog.

KID, MD said...

I'm getting them occasionally as well, although I've only seen them from Ten Thousand Hours of Sewing. I also heard that Making The Seam had to delete her blog due to malware. This is terrible!

Jillybejoyful said...

Dang :( I'm not following any of the blogs that have shown up as malware carriers - annoying!

I've cleared history, cache, etc., a number of times.

Martha this doesn't appear to be any sort of virus protection scam thing - all it says that if I continue on to the blog I'm putting my computer at risk; the message (apparently) is coming from Google.

shams said...

Mary, can you now open that blog successfully?

I've been researching this and it turns out that there are rarely false positives with this sort of warning. Usually, there is some false iframe at the end of some ad/link of some kind that has been added to the page and that iframe contains a hidden URL of a site that distributes a virus.

When I clicked on "more information" on Shannon's blog, it says that there has been some suspicious activity in the last 2 days. So I would wonder if she added something to her blog template in that time. A gadget, an ad, something that seems innocent, but is not.

But I am no expert. I hope this gets sorted out. If it happened to me it would drive me nuts.

Mary said...

Yes, I have noticed it also. The Flowery Skirt (Barbara) was displaying that message so I unsubscribed. Barbara-if you are reading, please check into this :-( Like shams said, this happened to Ann last year. She was very frustrated.

shams said...

This makes me wonder if all of those experiencing this have added something similar to their blog templates. My blog has very little in the template and I have no blogroll, etc.

It's a mystery and, as a blogger, it does make me nervous!

shams said...

If you do have a blog that exhibits this problem, go into the template and look at all the HTML. Make sure that there is no "iframe" at the end of any of the gadgets that looks suspicious. I don't now how else to debug this.

Jane M said...

Jilly, thanks for the warning about my own blog. I just checked my HTML on my widgets (barely know what I'm talking about) but didn't see any of the iframe that Shams referenced. Geez, how annoying. I'm just starting to get mildly comfortable in the blog world and now to have to worry about this.

Jillybejoyful said...

Sorry Jane :( Have you seen that warning sign anywhere when you click on another blog? Wish I could help..... :\

shams, I'm such a non-geek. Everything is so user-friendly, in terms of setting up the blog, that I don't even know how to look at my template in html mode!

Jillybejoyful said...

Hmmmmmm.... I just tried an experiment. I have 2 browsers I use, Google Chrome (my usual browser, & the one I always use for blogging) - I get the malware messages here.

But when I open those sites through Safari....no message.

So apparently Google thinks there some malware somewhere. Safari...who knows?

shams said...

Yes, I should have added that. This is something that Google is detecting.

Andrea said...

I'm getting it also, only on pc using chrome. Message pertains to Adventures in Dressmaking and prevents me from accessing any sites from dashboard. When I am on iPad, no messages and no problem. Definitely appears google related.

Judith said...

I am also getting the same warnings (Chrome user), and have deleted the mentioned sites from my lists. The warning does mention the same site each time as having the malware. Personally, I am not taking the chance. Just don't want to be attacked from cyberspace in order to keep in touch with sewing.Bad enough when my sewing machine plays up - imagine if my connection to the sewing world is taken away from me....not a happy thought at all!!!

Jillybejoyful said...

Andrea I would be cautious...as shams said, it's likely that there is a bug somewhere in the known-to-be-affected sites. Google is detecting them & other browsers are not - personally, I wouldn't assume that it's OK to visit them using a non-google browser.

I may be completely wrong about that, but I still intend to be cautious, & I would want to know about it, & have it checked, if my site was displaying a warning!

What-I-Found said...

Just another voice saying I am seeing these messages too. I use Chrome on my Mac and I've just skipped past those few blogs, but I hope that the owners are being notified by Google.

vtmartha said...

As you mention that it is a Google Chrome issue, I 'Googled' the issue and this is what I found: http://www.google.com/support/forum/p/Chrome/thread?tid=7b4b5fffb28c2895&hl=en

Ana Stepalica said...

Hi Jilly, I've been having problems with my blog since Friday last week. I'm getting the same message when I try to access my blog, but only when using Google Chrome. IE and Mozilla seem to work fine.
The malware seems to come from the hungryzombiecouture, and it looks like it spreads. I unsubscribed from it, but it didn't help. Ironically, Google offers a certain set of tools that are supposed to detect the source of problem on my blog, but they haven't found anything suspicious on my blog. In the meanwhile, I've decided to keep posting, and I hope Google will fix this problem ASAP. If not, I'll switch to wordpress.

Unknown said...

Just got this warning for the 1st time today, when I clicked on Happy sewing place's blog. The message though listed the hungry zombie site, which I am unfamiliar with. I closed out, but am glad to see you addressing it here.

Curious and curiouser

Ana Stepalica said...

OK, I browsed a LOT to find an answer. The only thing I could do was to completely unsubscribe from the hungry zombie couture (which is a pity, I like her blog), and to remove it from my blogroll list. I think it solved the problem (I have to double check it again).
I would appreciate if someone would try to access my blog and let me know if the malware page still appears or not.

Jillybejoyful said...

Yay AnaJan I'm so glad you checked in here! (AnaJan has the Stepalica blog, if anyone is unfamiliar with her, & she does wonderful designs)

I just clicked on your site (w/ Google) & it went through just fine, no warning... *whew*

Jillybejoyful said...

Thank you Martha, for finding that link....as usual, it will probably take the Google PTB forever to respond, but at least a few folks are giving their opinions. Clearly, it isn't just the sewing community that's being affected.

I really hope people don't end up losing their blogs though :(

Jillybejoyful said...

One of the responses at the Help Center:
"There is a widespread issue occurring with Blogger currently. What happened is there is a 3rd party utility from blogutils . net that is used on many Blogger sites and blogutils . net got hacked and the utilty started returning malicious code. Just about every Blogger site using that utility got flagged. blogutils . net has cleaned up the hack and the utility is no longer returning malicious code, but any Blogger site which got flagged by Google will continue to show the warning until a malware review is done by Google and the site is cleared."

Ana Stepalica said...

Thanks Jilly, I'm relieved everything's back to normal.
Hopefully, the Hungry zombie couture will fix the problem and return to normal blogging.

glorm said...

Hope everything is fixed now.

Shannon said...

I had a few rather annoying days trying to figure out why my blog was acting like a proverbial "Typhoid Mary." Thankfully, hubby stepped in and sorted it all out. I am now malware warning free. It appears that the blog sewhotmommi was the source of my issues and once I deleted all links to that blog, all was well with my blog again.

I such sympathy for Dei (sewhotmommi's owner) as it appears she has now deleted her blog. I sure hope she is back to blogging in the future.

marysews said...

I've resubscribed to hungryzombiecouture. I need to find the other one I unsubbed from because of "the message."