Innity Ads, Malware & TransMY’s Red Curtain
TransMY, which publishes Innity ads, was treated to an extra ‘curtain’ (courtesy of Google) at its entrance on Monday, the 20th. The red curtain is one of those nasty things you often come across when you stumble upon a dodgy site. Does that mean TransMY has become dodgy as well?
Hell no. The culprit is actually down to Innity’s ads. Maybe some sites have been the unfortunate target of hijacked Innity ads, or Innity did not update their scripts to the latest version, making them vulnerable to attacks. Since TransMY and all other top Malaysian news sites and blogs are in the same neighbourhood as Innity, Google was quick to raise the alarm and branded all of us as potential malware spreaders.
I came across this incident in the morning and I thought it might be one of those ads being screwed up for a bit, but I underestimated that bit, as it became a 36-hour issue. Most members who wished to access the site had difficulty doing so, as the red curtain kept appearing and refusing to let the user enter. I am not sure what browser they were using, but my Chrome did give me an option to proceed, at my own risk of course, or to back off and go back to a safe page.
Some members panicked, and being the administrator of the site, I was flooded with complaints from worried members on my Facebook account and TransMY’s Facebook Page. Not long after experiencing this glitch, I fired off an email to Innity, and guess what, they replied to me within 6 hours, for which I think they deserve commendation, given that their staff were panicking to the max thinking about how to rectify the problem.
Without relying much on Innity, I made my own investigations too. First off, the classic: delete all your cookies and temporary internet files. Make sure you have a squeaky clean browser before testing. This is because some infected cookies may still reside in your cache folder, and you won’t get accurate results if you are running a test.
Next, scan your C:/ with your AV. Still a very classic method, one that a 12-year-old knows. After all that, I checked TransMY’s .htaccess files just to see if any new string had been added stealthily with some alien IP address or URL. The result was no, it’s all good.
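An added example, not part of the original post: one way to script the .htaccess check described above is to list every absolute URL or bare IPv4 address in the file whose host is not one of the site's own. The function name, the allowlist and the sample file contents are assumptions made for illustration.

```python
import re

# Absolute http(s) URLs (host captured) or bare IPv4 addresses.
HOST_RE = re.compile(r'https?://([^/\s"]+)|\b((?:\d{1,3}\.){3}\d{1,3})\b', re.I)

def audit_htaccess(text, own_hosts):
    """Return (line_no, host, line) for each host or IP not in own_hosts."""
    allowed = {h.lower() for h in own_hosts}
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        for m in HOST_RE.finditer(line):
            host = (m.group(1) or m.group(2)).lower()
            host = host.split("@")[-1].split(":")[0]  # drop userinfo and port
            if host not in allowed:
                findings.append((no, host, line))
    return findings

# Constructed sample for illustration; not TransMY's real file.
# Lines 6 and 7 point at hosts the site owner would not recognise.
SAMPLE = r"""# constructed sample
RewriteEngine On
RewriteCond %{HTTP_HOST} ^transmy\.com$ [NC]
RewriteRule ^(.*)$ http://www.transmy.com/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} (google|bing) [NC]
RewriteRule .* http://ads.example.net/in.php [R=302,L]
ErrorDocument 404 http://203.0.113.7/e.html
"""

# Assumed allowlist: the hosts the site itself is served from.
OWN_HOSTS = {"transmy.com", "www.transmy.com"}

if __name__ == "__main__":
    for no, host, line in audit_htaccess(SAMPLE, OWN_HOSTS):
        print(f"line {no}: unexpected host {host!r}: {line}")
```

An empty result only means no unfamiliar URL or IP appears in plain form; comparing the file against a known-good backup is the stronger check.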
Final step, I fired up 4 diagnostic websites:
Firstly, OnlineLinkScan – this site is cool. To test whether a URL is infected or not, you can trust this one. Key in the target URL, and it will scan. The results are a summary from Phishtank, Sitetruth, AVG and Google Safe Browsing.
The result is positive. That means TransMY is not affected by the malware attack that affected Innity ads. Just to convince myself further, I went to the individual web pages of Phishtank, Sitetruth, AVG and Google Safe Browsing. And these are the results I got:
It says nothing known about http://www.transmy.com. Pass.
It is all green from AVG! Goodness.
Google Safe Browsing pointed out the culprit from Innity, which makes TransMY innocent. After digesting those results, I slapped them on Facebook so that I wouldn’t have to go about doing tons of explaining to different individuals. I put up a notice and asked my members to check the integrity of the site themselves.
About 36 hours after that, TransMY’s integrity was restored. It may be the result of me firing off an email to Google earlier. Innity might also have rectified the problem soon after that. In total, Innity emailed me 4 times, from 2 different individuals. They also updated their publishers via an announcement, which was brilliant.
For the record, the malware attack and the false alarm imposed on ‘innocent’ publishers were solved in a matter of 24-36 hours. I think Innity’s personnel deserve a pat on the back for their quick action and concern for their publishers. I hope Innity will operate better after this.