September 19, 2013

Any ideas?

A reader tells me she's getting a message — just in the last couple days — from Trend Micro OfficeScan saying my URL — http://althouse.blogspot.com/ — is "a potential security risk."
Trend Micro OfficeScan has blocked this URL in keeping with network security policy....
Risk Level:    Dangerous
Details:    Verified fraud page or threat source
What's that about? I haven't changed anything in the code to this blog recently, just the usual blogging in the usual Blogger software. Seems pretty innocuous!

UPDATE: Commenters helped me out showing me where to click to submit a reclassification request, which I did on September 19th, and on September 24th, I received notice that Trend Micro had changed my blog's "safety rating" from "Dangerous" to "Safe" and my "Content Type" from "Disease Vector" to "Government / Legal." I still don't know what made them flag this blog in the first place, but whatever... it's fixed now. Thanks to all who helped.

38 comments:

Jim said...

It could be your ads. Sometimes they have malicious code in them.

corsair the rational pirate said...

Maybe your ideas are "dangerous" to "the man!"

Take that, NSA!

Matthew Sablan said...

If it is a work computer, it might just have blocked general blogger sites. If it is a home computer, no idea [are there any ads that might be triggering that? I don't see ads as a rule on Firefox, so that's a legitimate question.]

CWJ said...

Is she logging onto her home network, or a public or work site?

Strelnikov said...

Wear it with pride.

Popville said...

Free thinking is always dangerous.

madAsHell said...

Is she surfing from work?? I'll guess that your URL was added to the OfficeScan because it's not work related.

From Inwood said...

Minutes ago, as I tried to get on to your site, I got a warning from Microsoft that your site may be dangerous & so they shut off my Internet Explorer Browser.

I just started up again & obviously here I am.

I haven't changed anything in my computer either, at least not that I'm aware of.

Ron said...

While it may be true that Ann doesn't bring the snuggly-wuggly, security risk? Not so much...

Where are our Althouse plushies?

lemondog said...

NSA?

Tibore said...

Something's been picked up by scanning. If you go to:
http://global.sitesafety.trendmicro.com/index.php

... and enter your URL it says the same thing.

This could be a variety of things. Two examples:
I. Possibly one of the old threads had a spammer hit the comments up with links before you went to admin approval of posts mode.
II. Possibly one of the ads being served on the site is delivering malware.

I'd have to defer to Blogger's support on what to do to vet the ads being delivered. And yes, I do recall the adventure last time you resorted to Blogger support, so I realize that's not easy.

As far as old posts: That'll be a pain to go through. I don't know of a way off the top of my head to peruse all those for compromise URLs being spammed out. Presuming that's the case. All I can say is that IF that were the case, it would be an old, olllld post; that's where comment spammers tend to deposit such URLs.

Others who use Blogger may have more insight than I on this.
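Added example, not part of the original thread and not Blogger's or Trend Micro's code: one way to do the review of old comments for spammed URLs that the comment above describes is to tally external link hostnames in an exported comment feed, with dates and authors. The Atom layout, the sample entries and the names `external_links` and `LinkCollector` are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"

# Constructed sample in the shape of an Atom comment feed; not real data.
SAMPLE_FEED = """<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <entry>
    <published>2006-03-02T10:15:00Z</published>
    <author><name>constructed-user-1</name></author>
    <content type="html">Great post! &lt;a href="http://pills.example.net/buy"&gt;cheap&lt;/a&gt;</content>
  </entry>
  <entry>
    <published>2013-09-19T08:00:00Z</published>
    <author><name>constructed-user-2</name></author>
    <content type="html">See &lt;a href="http://althouse.blogspot.com/2013/09/x.html"&gt;this&lt;/a&gt; and &lt;A HREF="HTTP://Pills.Example.NET/more"&gt;that&lt;/A&gt;</content>
  </entry>
</feed>"""

class LinkCollector(HTMLParser):
    """Collect href values from <a> tags in one comment body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def external_links(feed_xml, own_hosts):
    """Map each external hostname to the (published, author) comments linking to it."""
    found = defaultdict(list)
    for entry in ET.fromstring(feed_xml).iter(ATOM + "entry"):
        collector = LinkCollector()
        collector.feed(entry.findtext(ATOM + "content", default=""))
        for link in collector.links:
            host = (urlsplit(link).hostname or "").lower()
            if host and host not in own_hosts:  # skip the blog's own links
                found[host].append((entry.findtext(ATOM + "published"),
                                    entry.findtext(ATOM + "author/" + ATOM + "name")))
    return dict(found)

if __name__ == "__main__":
    for host, hits in sorted(external_links(SAMPLE_FEED, {"althouse.blogspot.com"}).items()):
        print(host, sorted(hits))
```

Sorting the resulting hostnames by the oldest comment date surfaces links left on old threads, which can then be checked by hand or against a reputation service.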

Graham Powell said...

Maybe it's something in the ads. I don't know exactly how they work, but ad services I've used in the past can push out HTML code, not just images.

Lance said...

Probably one of the advertisements. You should be able to appeal the malware classification and have them retest.

viator said...

My Kaspersky software, generally highly rated, and from my experience fast on the draw is perfectly happy with http://althouse.blogspot.com/

Russ Wood said...

This is similar to the message about which I alerted you in our email exchange of a month or so ago. I got the message when trying to access your page via a link from InstaPundit, but did not (and do not) get it when accessing your page directly.

I suggest that you have someone knowledgeable check to see whether someone has loaded malware onto your blog. Perhaps that's the new form of negative comment.

Ann Althouse said...

"I'd have to defer to Blogger's support on what to do to vet the ads being delivered. And yes, I do recall the adventure last time you resorted to Blogger support, so I realize that's not easy."

The ads are from BlogAds, so that's not Blogger. I can contact BlogAds, who are pretty responsive.

"As far as old posts: That'll be a pain to go through. I don't know of a way off the top of my head to peruse all those for compromise URLs being spammed out. Presuming that's the case. All I can say is that IF that were the case, it would be an old, olllld post; that's where comment spammers tend to deposit such URLs."

But I've been moderating comments, which let's me catch all the stuff that tries to enter on old pages, though I'm not perfect at seeing everything.

Ann Althouse said...

The complaints I've received about this say it just happened in the last few days.

Debbie Andrews said...

Using the Palo Alto device at our work to monitor malware from Internet sites. No issues with accessing your site here.

MayBee said...

As I mentioned in a previous comment, there are a few times when my finger has hit something, when attempting to scroll on an iPad, that has taken me to a porn site instead. I've tried to recreate what got me there to tell you, but I've never figured it out. It's happened maybe 3 times in maybe 2 months.

Tibore said...

"Ann Althouse said...
The complaints I've received about this say it just happened in the last few days."


The sudden warning itself had just happened in the last few days, but we don't know Trend Micro's process for declaring a site dangerous. If it's rather immediate, then yes, that eliminates the possibility of link spamming in comments. But, if it takes a while to crawl a site, then get findings validated by a human or a group of live people (as opposed to a script), that can indeed take a while. It just depends on what their process is.

That said, I am strongly leaning towards it being malware delivered by ads. That tends to happen; even the NYTimes has had that problem before. I'd suspect that way before I'd be concerned about comment link spamming.

I don't know if Trend Micro's willing to give you specifics of what they found, but it might be worth asking.

JackOfClubs said...

Go to the link that Tibore provided: http://global.sitesafety.trendmicro.com/index.php

When you run your URL it comes up with a warning, but below that there is a "Reclassify Request" button. It will ask if you are a) the owner of the website or b) a TrendMicro customer and will also require an email. Don't know how responsive they are, but you might get an idea of where to start looking.

Smilin' Jack said...

But I've been moderating comments, which let's me catch all the stuff that tries to enter on old pages, though I'm not perfect at seeing everything.

Like the misuse of apostrophes.

JackOfClubs said...

I just checked the site using the following tools:
AVG
Result: Currently Safe

Norton SafeWeb
Result: OK

McAfee Site Advisor
Result: This link is safe.

So, it looks like the problem is specifically with Trend Micro.

Mister DA said...

SpyBot 2 has just started complaining about the Google Ads. Something in the latest update doesn't like some of the code it finds in the ads.

Shanti Mangala said...

I see the same thing when I try to access the site from my work laptop.

This is definitely not anything to do with the site being non-work-related. I am able to access other blogs just fine.

Ann Althouse said...

@Mister DA

I don't have Google Ads.

@Jack of Clubs

Thanks for pushing me about what to do once I get to the link that Tibore provided (I was confused) and for the checking and the reassurance.

@Tibore

Thanks for all this help. I had assumed it had to be something that changed recently.

Ann Althouse said...

I just submitted the form as suggested by Jack of Clubs.

I'll let you know when I get a response.

Thanks to all who've helped!

hawkeyedjb said...

Don't try to visit the White House in the near future. Or flee the country.

elkh1 said...

You sound conservative and dangerous. You did not vote for our Dear Leader the second time. You are a racist traitor.

Prick up your ears for that click in your phone, prep for that midnight SWAT, and gather seven years receipts for that IRS audit.

Ann Althouse said...

Still waiting!

Jim Hu said...

"As I mentioned in a previous comment, there are a few times when my finger has hit something, when attempting to scroll on an iPad, that has taken me to a porn site instead. I've tried to recreate what got me there to tell you, but I've never figured it out. It's happened maybe 3 times in maybe 2 months."
I think there is some ad malware out there that only targets mobile devices. I had this problem with my iPad on Tom and Lorenzo's site a month or so ago.

From Inwood said...

Prof A

Just came back to your site & had no problem getting on.

MayBee said...

Thanks, Jim Hu.

james conrad said...

Not a clue here on home desktop with Norton, no problems with access and no warnings about AA blog site.

Sorry you are having issues, it's the DAMN MACHINES!

Gordon said...

I just got the warning from Trend again. I clicked on the "go anyway" link and also clicked the "send a message to have this checked" button.

Tibore said...

"Thanks for pushing me about what to do once I get to the link that Tibore provided (I was confused)..."

Oh, I'm sorry. All I meant to demonstrate with that site was that this was truly something Trend Micro detected. As opposed to some restriction thrown on that reporting reader's network security apps. Some enterprises would warn or outright black-list "entertainment" sites if they felt the need to lock things down. That site proves that this is something the company itself pushed as a warning.

Also: I didn't bother pushing you towards the "Reclassify" function because I thought it would have to be something done by either a Blogger admin, or if the problem was something delivered from Blogads then from technical staff *there*. If Trend Micro responds (I hope they do!), then that'll be good. I do admit, I am afraid they'll deprioritize a single blog over requests from large site administrators (such as Blogger technical staff themselves). I don't like it and I don't believe that is fair, but experience teaches me that many companies work that way. It will be refreshing if they don't, but I'm not holding my breath.

"@Tibore

Thanks for all this help. I had assumed it had to be something that changed recently."


You're very welcome. I hope Trend Micro and the Blogads folks give you good help on this.

Donald Douglas said...

Actually, I wouldn't worry about it. Your blog always loads fine for me, with no warnings. These security companies don't do jack to protect against the real dangers to your machine. If they block your computer it's probably a bogus warning anyway. McAfee blocks mine on some computers. I had McAfee and it blocked my own blog on my computer. I disabled McAfee. But I still see the warning link in my SiteMeter sometimes. I just don't worry about it. I don't post malicious stuff and my sidebar ads are clean. It could be anything these days. The "malware" protectors are a rip off in my opinion. I'd never use Trend Micro to protect my machine and McAfee's the biggest scam going. I've known this since the 1990s.

James Drake said...

On a number of innocuous sites McAfee Site Advisor raised so many false risks that I removed it as useless. There was a definite political tendency to what it chose to deem risky: anything easily identifiable as possibly conservative.

For instance, a straight news story from Fox News was flagged. It was about the Air Force sergeant facing charges of disobeying an order for refusing to stop expressing his religiously based opinion that same sex marriage was wrong.

"Once is happenstance. Twice is coincidence. Three times, it's enemy action." Auric Goldfinger