The site has a hidden iframe that goes to "m-gallery.org/images/111/index.php". I removed the HTTP part.
StopBadware's message: " (www.cangooglehearme.com/) has been determined by Google's testing to be a site that hosts or distributes badware. The following are examples of urls on (www.cangooglehearme.com/) that Google has determined can lead users to be infected by badware:"
http://www.stopbadware.org/reports/container?reportname=www.cangooglehearme.com%2F |
The Google result shows this:
Can Google Hear Me – Trying to get Google's attention through the ... This site may harm your computer. After I asked him to, he drew up some concept sketches for me to look at, and I'd love to hear everyone's opinion on them. If you click on the graphic at ... www.cangooglehearme.com/ – 11 Jun 2007 – Similar pages |
More about the site and its story: http://blogoscoped.com/archive/2007-02-15-n63.html |
Heh.
Is that iframe or m-gallery.org harmful, and if so why? |
Google heard him. But did Google *listen* to him? THAT is the question (-: |
Philipp, I did a site: search for the exact page that is included in the iframe and that page has the same StopBadware message in Google search results. I did not load the page in question though to know what is even on it. |
Weird, I tried the same (site search) and didn't get the message... |
Screenshot of what I get: http://farm2.static.flickr.com/1140/544280067_591d6dd4ae_o.png
Also, I did a lookup of the IP address of CanGoogleHearMe.com and that IP is being hosted at DreamHost.
It seems that 3500 ftp accounts on DreamHost were compromised. Maybe Aaron's site was one of those?
Here is a link to people discussing DreamHost hacked accounts: http://www.mezzoblue.com/archives/2007/06/05/unsettling/ |
DreamHost posted about the security breach and has a recent update about it too.
Security Breach http://www.dreamhoststatus.com/2007/06/06/security-breach/
Web Hosting Break-Ins, Security Update http://www.dreamhoststatus.com/2007/06/11/web-hosting-break-ins-security-update/ |
I did a site: search like Colin and got the message. I clicked the link, got Google's "Malicious" message, proceeded to the site, got Google Desktop's "Advisory" message, proceeded and finally it was just a white page, probably infecting my PC in the background. Yay! |
Yeah, I was tempted to see what the page was all about but then I figured I didn't want to have to disinfect my computer just because I was curious about one site. |
I was able to get the source code of the page without loading it in a browser. It's just a JavaScript block of code. No HTML is on the page.
Screenshot of the code: http://farm2.static.flickr.com/1168/544239432_3e350cd598_o.png |
Is this a JavaScript exploit? |
Aaron has fixed his site and it shows up fine for me in Google now. |
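
An added example, not part of the thread or any participant's post: a static check a site owner could run over their own pages for the kind of hidden off-site iframe reported at the top of the thread. The thread does not say how the frame was hidden, so the hiding signals below (zero or one pixel size attributes, hiding styles, the `hidden` attribute) are assumptions, and the sample HTML and host names are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles assumed to indicate a frame the visitor cannot see.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)", re.I)

def bare(host):
    """Lower-case a host name and drop a leading 'www.'."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

class IframeAudit(HTMLParser):
    """Collects iframes that are both hidden and served from another host."""
    def __init__(self, site_host):
        super().__init__()
        self.site = bare(site_host)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        host = bare(urlparse(src).hostname)  # empty for relative URLs
        reasons = [f"{d}={a[d]}" for d in ("width", "height")
                   if a.get(d, "").strip() in ("0", "1")]
        if HIDING_STYLE.search(a.get("style", "")):
            reasons.append("hiding style")
        if "hidden" in a:
            reasons.append("hidden attribute")
        off_site = bool(host) and host != self.site \
            and not host.endswith("." + self.site)
        if reasons and off_site:
            self.findings.append((host, src, reasons))

def audit(html, site_host):
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: a visible embed, a hidden same-site frame,
# and a hidden frame pointing at another host (reserved test domains).
SAMPLE = """<html><body><h1>Blog</h1>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="/widgets/poll.html" style="display:none"></iframe>
<iframe src="http://injected.example.invalid/images/index.php"
        width="0" height="0" style="visibility: hidden"></iframe>
</body></html>"""
```

Calling `audit(SAMPLE, "www.example.test")` returns only the third frame; a visible third-party embed and a hidden same-site frame are not reported, which keeps the check quiet on ordinary pages.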