Nasty, nasty, nasty! This one’s bad not because it does a lot of damage but because it’s hard to find and extract. And I’m not even sure if “virus” is the right word, maybe malware, or malicious code is more accurate. It doesn’t attack your computer, but it does change the code on your website or blog.
(Hi, let me just interrupt the blog-today is MARCH 27 2008 and this piece has gotten about 100 hits in the last 24 hours from the Philippines, Germany, etc., write a comment or email me. I wrote this WAY back in October 2007, is this code spreading?)
Pop-under attacks are strange. See, a long time ago I stopped using Internet Explorer and miraculously almost all the trouble I had with my computers stopped. See when something strange happens I’m really surprised, meaning most of the problems I have now are because I was experimenting with something. And I’ve NEVER had a problem with Firefox, but recently the browser was “sticking” and felt funny. plus whenever I visited my OWN blog right here I was getting a pop-under window to open up.
Now I have Google Adsense running on my blog and I know where the ads are supposed to show up, but I DID have a little problem with setup. But I also know I didn’t install anything that should have pop-ups of ANY kind, so this was definitely a problem (meaning something unintentional and beyond my control) was going on. The first thing I did was I took a look at the source code of the pop-under window and found this;
After only a couple of days my blog was showing up as BEING A DANGEROUS SITE TO GO TO. That code had gotten ME listed as a potential internet threat! So I have a Firefox plugin called Firebug that allows you to examine code very closely. And it allows me to find the code.
Can you see that line with all the u’s and 0’s? Well I did a search and confirmed that THAT was the code I needed to remove. Because here’s the weird thing. If you just pull up the source code of your page you wont see anything out of the ordinary EXCEPT all those u’s and 0’s. And it just looks like a bunch of WordPress code-but it’s not. By the way right now you can get 10% OFF – NEW Norton Internet Security 2009 (code: 10offnis09, ends 6/30/09)
So the good news is that you can get that code out of your site with a little effort but the BAD news is that it seems to be a virus that attacks your web hosting company. In other words your actual server has the bug and then spreads it to all the sites being hosted.
My hosting service, called 3ix, has a problem every week so I’m not even going bother trying to tell them, because they tend to deny they even have problems. But if YOU have this problem I advise getting in touch with your hosting service-after you fix your own site first.