NetSeer suffers hack, triggers Google malware warnings

Summary: UPDATE 4. One advertising network's corporate Web site suffered a hack and a malware injection attack this morning, which led to Google warning users worldwide to avoid 'infected' sites.

If you visited ZDNet earlier today and were warned by Google that you were entering a site with known malware, you weren't alone. 

Internet advertising network NetSeer suffered a hack to its front-end Web site today that rippled across the Web sites of its advertising partners. The alerts warned visitors who were using the Chrome browser that the Web site they were visiting was a "known malware distributor."

Google Chrome users were warned today that some Web sites may be infected with malware. (Credit: ZDNet)

A spokesperson for NetSeer confirmed the successful hacking attempt at around 5:30 a.m. PT, but noted that it did not affect its advertising network infrastructure.

The company is currently working with Google to rectify the situation.

A NetSeer spokesperson confirmed that its corporate network had been infected with malware, and Google subsequently added its domain to a list of malware-affected Web sites. Because NetSeer's corporate site has the same domain name as its advertising network, Google triggered warnings on end-user machines telling users to avoid any Web page that happened to include an ad served from NetSeer's servers.

But, visitors to these Web pages were not at risk of being served up malware from the NetSeer advertising network, the company said.
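The collateral blocking described above, as an added example (not code from the article, NetSeer or Google): a simplified model in which a blocklist entry for a domain matches every host under it, so a publisher page that embeds an ad tag from that domain is flagged along with the compromised site. The `.example` domains, the blocklist and both sample pages are constructed, and the suffix check stands in for Safe Browsing's real matching, which is not reproduced here.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _SrcCollector(HTMLParser):
    """Collects the hosts of resources a page pulls in via src attributes."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "img"):
            src = dict(attrs).get("src")
            # Relative URLs have no hostname: they load from the page's own host.
            host = urlsplit(src).hostname if src else None
            if host:
                self.hosts.add(host.lower())


def embedded_hosts(html):
    """Return the set of external hosts referenced by the page."""
    collector = _SrcCollector()
    collector.feed(html)
    return collector.hosts


def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def flagged_embeds(html, blocklist):
    """Embedded hosts that fall under any blocklisted domain (sorted)."""
    return sorted(h for h in embedded_hosts(html)
                  if any(under(h, d) for d in blocklist))


# Constructed data: the ad company's corporate site www.adnet.example was
# compromised, so the whole domain adnet.example is on the blocklist.
BLOCKLIST = {"adnet.example"}

# Publisher page whose ad tag is served from the same domain as the corporate site.
PAGE_SHARED = ('<html><body><p>story</p><img src="/logo.png">'
               '<script src="https://ads.adnet.example/tag.js"></script></body></html>')

# Same page if ads were served from a separate (hypothetical) serving domain.
PAGE_SPLIT = ('<html><body><p>story</p><img src="/logo.png">'
              '<script src="https://serve.adnet-cdn.example/tag.js"></script></body></html>')

if __name__ == "__main__":
    print("shared domain:", flagged_embeds(PAGE_SHARED, BLOCKLIST))
    print("split domain: ", flagged_embeds(PAGE_SPLIT, BLOCKLIST))
```

Serving ads from a domain separate from the corporate Web site keeps a compromise of the latter from flagging every partner page.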

"Our operations team went into all-hands-on-deck mode and we have successfully cleaned the site of the malware issue. We are also working with Google to do an expedited review of the site and remove the site from the malware impacted site-list so that browsing behavior can be restored for all users," a NetSeer spokesperson said.

The company said that it is currently in the process of notifying partners and customers.

Internet Explorer's SmartScreen filter—designed to mitigate such incidents for Windows users—did not block any Web pages, according to ZDNet's Ed Bott.

The Street, a known financial news site, said it has discontinued using Google advertisements "until the issue is resolved." 

The New York Times was affected for a while, as was The Huffington Post, among dozens of other high-profile Web sites and news agencies. Some news outlets, notably The Guardian, tweeted to their online following that they were seeing issues, but that there was no risk and readers should ignore any warnings.

 
Update at 1:50 p.m. ET: A NetSeer spokesperson said the company is "pleased to announce" that Google has removed the ad network from the list of sites impacted by malware.

Update at 5:15 p.m. ET: Unconfirmed reports suggest that the issues with NetSeer may have temporarily come back to haunt Chrome users. We've put in more questions to NetSeer and will update once we hear back.

IDG's Martyn Williams tweeted the following image of sister site CNET being blocked by Google Chrome. Here's the picture:

Another instance of Google Chrome blocking access to some Web sites later in the day. (Credit: Martyn Williams/Twitter)

Update at 7:30 p.m. ET: A Google spokesperson said that while they do not comment on individual cases, "Safe Browsing is working as intended." They also pointed to a blog post that explains how tricky it can be to clean a site of malware completely.

Update at 8:35 p.m. ET: A NetSeer spokesperson looped back to ZDNet with additional comment regarding further 'red warning' pages from Google Chrome users. 

"After we found and removed the infected files this morning, we were removed from the Google list of malware infected web sites. NetSeer was placed on the list a few hours later although we are unsure what triggered this second incident. We have been collaborating with Google throughout the day and they have been very responsive. As of approximately 4:00 p.m. PT (7:00 p.m. ET), I can confirm NetSeer is off the list. We are still investigating and cooperating with Google to ensure future continued compliance."

Talkback

27 comments
  • I use NotScript in Google Chrome

    I'm running Google Chrome in Kubuntu 12.04.

    At least I don't have to worry about malware infection. :)
    Grayson Peddie
  • yea - because linux has never been broken into

    "At least I don't have to worry about malware infection"

    It's that kind of thinking that makes you just as dangerous as any unpatched windows box out there.
    lrj2@...
    • Penguins are bad for your health...

      Well said fine sir!
      TopICat
    • Then you have never used NoScript (Firefox)/Notscript (Chrome)

      I use them to protect myself.
      Grayson Peddie
    • LOL

      Nothing is as dangerous as an unpatched Windows box.
      T1Oracle
      • Nothing is as dangerous as an unpatched Windows box

        True, nothing is as dangerous as a patched windows box either.
        guzz46
  • Infect my Mac with Malware?

    Just reading that screenshot of Chrome's warning. Isn't my Mac (if I were using one) supposed to be mostly unaffected by malware? Also, isn't Chrome supposed to be pretty much bulletproof in its own respect? So in theory if I'm using Chrome on a Mac, I shouldn't have much to worry about...(?)

    Which then brings me to the thought that I'm currently on a Windows machine using IE8 so I don't even see this alert and I am currently on ZDNet's site and have been intermittently this morning. Uh oh. LOL I better not click on any ads.
    Doc75
    • You're already infected

      If you have doubts, check your bank accounts. If you still don't have doubts, then Ballmer says "thank you."
      T1Oracle
    • Chrome + Mac = Bulletproof?

      Stupid users can bypass the warnings in Chrome, and Mac is not immune to malware. Not to mention developers getting owned by the Ruby on Rails vulnerabilities earlier this year. If you expect any product/browser/OS out there to be 100% protection, you're wrong.
      JohnJacob1161
      • To vouch for that...

        Here is Steve Gibson himself, almost one month ago: http://twit.tv/show/security-now/386
        TechNickle
    • Mac Is Unaffected By Malware

      This is a common misconception. The only reason Macs tend to have less viruses/malware than PCs is because no one bothers coding viruses for Macs. It'd be a waste of time, especially since most people use PCs. (I must admit that Macs are a bit more secure, but far from being bulletproof. Just makes it that much harder to code malware for Mac than for PC.)
      A final factor for this is that Macs are newer than PCs, and have not been that popular for long. So hackers have had less time to cook up malware for Macs than for PCs, which have been around for a while now.
      orangemars2000
      • No

        That "explanation" was always deliberately nonsensical -- OS X is inherently more robust in regards to security than Windows thanks to its Unix roots.
        JustCallMeBC
        • Unix roots

          Why would OS X be more robust thanks to its Unix roots? That's bs.
          tigerstein
          • better modularity for one.

            The various parts of the system are not interdependent. A bug in one module doesn't translate into a bug in the entire system.
            jessepollard
  • Other sites affected on Sunday?

    Uncertain whether this is related, breitbart.com was listed as a Reported Attack Page already on Sunday. The problem has since been rectified.
    Andy Raffalski
  • Google should be fined for this!

    This is a blatant tempt by Google to discredit a competitor. There is no threat on a Mac, and there was no threat detected.
    It is wrong to expect Google to determine what you should or should not see on the internet.
    Anyone who uses Chrome is fooling themselves if they do not realize they are supporting a Google closed world view.
    kpbpsw
    • You should be fined.....

      For excessive use of presumption. You state as fact assertions that seem contrary to the facts at hand. Three completely unsubstantiated statements. "(#1)blatent tempt(sic)...to discredit a competitor. (#2)There is no threat on a Mac and (#3) there was no threat detected." You are either a troll, or so deluded as to think that you alone can see google malevolence and must warn the world. Please, go take your meds and take a nice little nap.
      WhatsamattaU
      • Aggressive WhatsamattaU?

        I know hundreds of web sites that are unjustifiably marked as dangerous, by Trend, by McAfee and consorts and now by Chrome.
        People that have software to download for example hit that wall every time.
        WHO IS COMPENSATING THEIR LOSSES?
        So Mr. kpbpsw is in my opinion right - if you have a good virus protection that also includes the web - and is equipped with malware detection then I definitely need no browser to tell me this site is dangerous.
        This warning is based on what?
        In most cases it's simply WRONG!
        Because it's Google I just trust it?
        You are kidding me!
        Chrome is a miserable browser and worse than IE8. It even considers an iframe to a video on his own servers as risky - because it's not in the same domain. Check the error it throws - just ridiculous -
        lrj2@... confuses the user with the user's machine obviously because he is also using degrading wording: that makes YOU just as dangerous ... I beg your pardon - any intelligence here at all?
        Guess not.
        dpelger@...
  • Partial Omniscience

    "But, visitors to these Web pages were not at risk of being served up malware from the NetSeer advertising network, the company said."

    So, they were hacked. They admitted to it. And now they expect us to trust them when they say users were not at risk? This is like saying, "Someone broke into our house, but we know he did not leave anything behind." How do they know this?
    seleleth