Verifying sites

Discussion in 'Ask DACS' started by dacs96ed, Jun 11, 2009.

  1. dacs96ed

    dacs96ed Guest

    <!-- m --><a class="postlink" href="http://www.jeanclaude-libert.org/accueil.htm">http://www.jeanclaude-libert.org/accueil.htm</a><!-- m --> - this is the site created by my brother (in France) and I to highlight our father's work and career.

    Recently, my brother told me that the site had had major intrusions and that he was moving it to a new host which would provide a more secure environment.

    Opening the site this morning in Safari 4, a window opens telling me that the site may contain malware. Checking on Google Safe Browsing, it says that the site does not appear suspicious.
    Opening it in Firefox and in Opera and checking Security confirms this.

    Are there any other sites with which one can verify if a web page contains malware? Any suggestions are greatly appreciated.
     
  2. dragonbite

    dragonbite Well-Known Member

    Joined:
    Aug 30, 2008
    Messages:
    477
    Likes Received:
    3
    Ran across this site
    http://www.labnol.org/internet/detect-webpages-that-serve-malware/5597/
     
  3. jscheef

    jscheef Administrator
    Staff Member

    Joined:
    Dec 4, 2008
    Messages:
    69
    Likes Received:
    0
    The unequivocal answer is maybe.

    A malware infection does not necessarily mean that some malware (virus, trojan, etc) program has been planted on the server hosting your brother's web site. The dirty deed that infects the machines of people viewing the page can be a single line of code that inserts an iframe that contains a little bit if JavaScript. The JavaScript calls more extensive code that resides on some other server.

    The problem faced by Google or malware scanners is that an iframe is a perfectly valid tag and of course most sites include JavaScript. The fact that the Javascript calls code on another site is called cross-site scripting and, while this can be suspect, the technique is used by any site that includes advertising, so Google certainly doesn't want you to disable that! My site at <!-- w --><a class="postlink" href="http://www.ct-amc.org">www.ct-amc.org</a><!-- w --> uses cross-site scripting to display hikes and other activities retrieved from another AMC site that are then displayed in iframes.

    Bottom line - I'm not surprised that different scanners offer different opinions.

    Jim
     

Share This Page