Identifying and Reporting a Malicious Web Site
This evening I stumbled across a classic malicious web site. I was searching for information about a pen. I recently lost a much-loved Rotring Trio pen, and was searching for some information. When I followed a link from a Google search I was confronted with a very Windows-looking dialog box telling me my computer was infected with a virus.

I carefully attempted to close it using the close button on the frame of the window. That just produced more messages, warning me of the dire consequences if I closed the window.

Eventually I turned off JavaScript and shut the offending web page down. But not before getting a very realistic, animated view of a "virus scanner" scanning, finding viruses and spyware and telling me to download a program to clean the infections.
Some of these dialog boxes were very realistic; this one especially would strike fear into the hearts of any Windows user.

What made this a less than heart-stopping experience for me was that at the time I was running Ubuntu Linux. Not only were the warnings about infections and registry problems not Linux problems, the "Windows Security Alert" was ludicrous in a non-Windows environment.
If I had been using Windows, however, it would have been much harder to detect the bogus nature of the messages. Many users would have clicked on the button, downloaded and installed the executable, and been in a world of hurt if they did not already have antivirus that would detect the malware.
I have written at length on my web site about what steps to take, and have written a white paper on the subject. It is free; just send an email to sig@serenitycomputing.com and it will be sent to you.
What can you do about reporting a web site like this?
A quick search reveals that many of the sites that appear to be giving advice are themselves questionable. I felt strongly that I wanted to report this site somewhere. There are a number of sites where "phishing" sites can be reported. These are sites that imitate a bank's or other institution's web site and try to get your passwords. However, reporting sites trying to infect visitors with viruses and spyware was a little more difficult.
So far I have found one. It is Malware Patrol, who have a page where you can report one of these sites. They also allow their blacklist to be downloaded in a number of formats, including ones suitable for Adblock Plus (a Firefox add-on) and ClamWin, an open source antivirus and anti-spyware program.
I have reported the attack site, and will use the blacklist to prevent sites such as this one from causing me more trouble.
I will look at setting up a hosts file on my Linux machine to prevent this kind of annoyance again. I have these measures already on my Windows computer, but will be updating it soon!
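As an added illustration of the hosts-file approach mentioned above (this is not the author's code and not a Malware Patrol tool), the following Python sketch turns a downloaded blocklist into hosts-file lines. The input format (one URL or domain per line, `#` comments) and all sample entries are assumptions constructed for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample blocklist (not real data); the one-entry-per-line
# format with optional URLs and '#' comments is an assumption.
SAMPLE_BLOCKLIST = """\
# constructed entries for illustration
http://fake-scanner.example/scan.php?id=1
HTTPS://Fake-Scanner.example/download.exe
cdn.bad-ads.example
192.0.2.15/payload
localhost
not a hostname!
"""

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}

def extract_host(entry):
    """Return the lower-cased hostname of a URL or bare-domain entry, or None."""
    entry = entry.strip()
    if not entry or entry.startswith("#"):
        return None
    if "://" not in entry:
        entry = "http://" + entry      # lets urlsplit find the host part
    try:
        host = urlsplit(entry).hostname
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)     # hosts files map names, not IPs
        return None
    except ValueError:
        pass
    labels = host.split(".")
    if host in NEVER_BLOCK or len(labels) < 2 or len(host) > 253:
        return None
    return host if all(LABEL.match(l) for l in labels) else None

def hosts_lines(blocklist_text, sink="0.0.0.0"):
    """Build sorted, de-duplicated hosts-file lines that null-route each name."""
    hosts = {h for h in map(extract_host, blocklist_text.splitlines()) if h}
    return [f"{sink} {h}" for h in sorted(hosts)]

if __name__ == "__main__":
    print("\n".join(hosts_lines(SAMPLE_BLOCKLIST)))
```

A hosts file matches whole hostnames only, so URL paths are discarded and entries given as bare IP addresses cannot be blocked this way. Review the generated lines before appending them to `/etc/hosts`.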
I would like to hear from anyone who has more places to report these malicious web sites. Please let me know what you do.
Enjoy!
Labels: Commentary, Malware, Windows