Today, I am eating Google humble pie, because it was right about malware on Autocade. Therefore: thank you, Google. (I’m not so petty as to not thank them for when they get things right.)
Since Google had cried wolf over this blog, which has never had malware issues, I had to question it. Nevertheless, I’m sure most people would agree that it’s better to be safe than sorry.
We originally suspected it was one ad network. This is also based on past behaviour, when one of our networks got suckered into hosting an ad twice in 2007 that turned out to be a trojan. So we began limiting the creatives that could be shown on our sites.
When that didn’t work, we had to keep looking.
We traced the malware from Autocade back to OpenX, which we’ve now removed from our server. There is an upgraded version which we’ll look at, as we need this program, but for now, I’d rather lose a few dollars than subject innocent users to malware.
It’s a shame there does not seem to be much action over at OpenX. It’s a really good program but the forums don’t seem to have too many staff present there. However, I know we were not alone.
For once, I’m glad Autocade is not a hugely popular site, but it’s still disturbing that this happened—and, as I understand it, Gawker and Gizmodo were affected, too.
The site acting as the malware intermediary is clickme199.ipq.co, which has been allowed to remain online. Whois gives ipq.co’s location in the UK.
Luckily, our other sites were unaffected, in that no malware was sent down the line. But as a precaution, we removed all OpenX code from our sites.
It’s been a big weekend for computer problems, with one machine down due to a trojan and our ad-serving program sending malware. Plesk (the server administrator) also reported that we sent out 61 Tbyte of data this month—and we’re only paying for 100 Gbyte. That was also scary, till I was told by Rackspace that that’s down to a bug. So we’ve had to upgrade Plesk as well—probably not a bad thing.
Not exactly the catch-up weekend that I envisaged, but at least we made some progress. The damaged computer is almost back to normal, too.