Beware the innocent web site

There is no safe neighborhood on the Internet.

Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.


Michael Horowitz
2 min read

PC World reported yesterday about the latest malicious attack on innocent websites (see Web Attack Worm Infecting Hapless Sites by Erik Larken). While this particular story is news, the concept is old - there is no safe neighborhood on the Internet.

The websites that have been infected with this particular brand of malicious software are, very likely, innocent bystanders. Their crime is simply being hosted in an environment with buggy or mis-configured software.

If you have your own website, EriK Larkin has an excellent suggestion, run a Google search on the entire site to look for this malware infection. Specifically, do a search like

    site:mywebsite.com winzipices.cn

Needless to say, replace "mywebsite.com" with the name of your website. It is important that there not be a space after the colon. Hopefully, as shown below, the search finds nothing.

To see infected websites, search for "winzipices.cn". However, do not visit any of these infected websites.

Alex Eckelberry, of Sunbelt Software (the company behind CounterSpy), has been writing recently about hacked websites at iPowerWeb. See Problems at iPowerWeb? and The iPowerWeb Chronicles: Problems persist. Yet, in early April, StopBadware said that iPowerWeb is much improved in terms of protecting the sites they host.

Not to pick on any particular hosting company, the important issue is that websites with no ill intentions, can still end up installing malicious software on your computer. And yes, Macs and Linux are safer from malware infestation, but not from the porn Alex turned up, and not from scams.

Shadowserver has more technical details on this latest exploit.

See a summary of all my Defensive Computing postings.