Chess Canada Website harmful ??

When I went to check my Canadian rating at h t t p:// w w w.chess.ca , I got this message from Google, “Warning - visiting this web site may harm your computer!”, etc. Anybody have any insight into this? (BTW, I goobered up the URL so people won’t click on it accidentally)

Dunno any specifics, but sometimes that’s what happens when a site gets hacked or their domain gets hijacked.

Getting OFF someone’s blacklist is often extremely time-consuming.

This Google page provides specific information on why the site was “blacklisted”. It appears that the site was hacked in the past, but it’s hard to say what its current status is.

Pete Klimek

Chess Canada has been going through rough financial times, I don’t know if there’s even anyone working full-time for them any more.

McAfee Site Advisor sees no problems with it, but that’s not a guarantee.

I haven’t had much experience with Google Safe Browsing (despite using Chrome for a little while now.) It seems to report that while there is no malicious software directly hosted on the page, there are sublinks or redirects that are problematic. (“Malicious software includes 15 scripting exploit(s), 7 trojan(s), 7 exploit(s). Successful infection resulted in an average of 46 new process(es) on the target machine,” yet, “No, this site has not hosted malicious software over the past 90 days.”) ETA: Looking at the records of the secondary sites listed in the safe browsing record seems to indicate that those secondary sites are all hardcore infected/compromised and actively infecting other domains.

I tried to backdoor it and use a different type of tool (a series of user interface analysis tools,) and again Safe Browsing came up with warnings. (Not surprising, as it detected that the UI check was bringing down content from the chess.ca domain.) That check, though, seemed to specifically reference some graphics images off the site. (Seemed like navbars to me, or perhaps banner images.) I am not absolutely positive about that, though, as I’ve never tried to use the UI tester quite this way. But it surely looked like it found something recently currently objectionable and not just ‘was bad in the past’.

That’s as far as I’m willing to risk my own computer (even though I keep it nice and patched and use good AV software), especially as the last problems Google reported were only on 10/15. If I had my Linux machine running I’d probably try it anyway, but that box is down right now for capacitor replacement.

Wish I could tell you, “no problem,” and indeed there could be no current problems. But I’d rather respect the suspicion (better to not visit a site that is actually OK, than visit a site and get a system crudded up.)

And are we sure the site is actually functioning? This can also happen if a domain expires and gets bought/taken over by black hats, can’t it? ETA: Domain registration check seems to indicate it’s still owned by the Chess Federation of Canada through next July. Last record changes were in June. Probably not an expired/pirated domain, though it could be hacked.

Perhaps someone should email their domain and technical contacts and see if they’re aware of the problem… 2nd ETA: I just sent (Tuesday morning) an email to both the technical contact email (just the registrar,) and also the site administrator contact email as listed in the domain registry record. Hope those will get a reply back. (I really never check my own site admin email on my personal website - too much spam - but one can hope.)

Well, the Google explanation seems to contradict itself in saying it found something on the 15th of October but then has not found anything for 90 days. Or maybe I’m just confused. :)

On the other hand, doing some quick scans of some Canadian forums, it appears that the Canadian Chess Federation is completely inept. No one seems to know what has been done or whether the website is actually safe. Someone did mention that a major hockey website had the same problem and resolved the issue in 8 hours with Google. So, I would say the best thing to do is to stay away.

Addendum: Also, it appears one of the major weaknesses has been in their ratings lookup section. You don’t want to go there, Mike.

It is confusing.

But the way I read it, on 10-15-09 Google did find problems, and that was the only time in the last 90 days it found problems. (It does not say how frequently the site was tested. Maybe 10-15 was the first time.) 10-18 was the last time it was visited, and apparently didn’t find anything, but Google hasn’t certified the site is safe, or that it tested the whole site, or you wouldn’t see the message.

It also says the problem was not: that the site itself was the source of malware (as in a contaminated file on the website itself,) and that it was not an intermediary (as in pages that host malicious code referenced by other websites, I think.)

It does say, though, that code on the website references other websites which are known intermediaries. It therefore pulls malware from other intermediary websites as part of the page delivery procedure. Or rather, that 25 pages of 588 tested on 10-15 had code in them which pulled malware code from elsewhere and tries to install that malware to your computer.

That it was able to identify 7 trojans and the subsequently infected computer contains 46 new processes means this was an active threat - visiting one of those 25 pages could well result in your computer being infected with a Trojan Horse. (According to Google.)

But, and here’s the tricky part, that bad stuff doesn’t have to be hosted at chess.ca. It just has to facilitate that code getting on your machine. That might be by an active script which calls malicious code from another website, or possibly clickable weblinks like the kind virus spammers try to get you to click which take you to the intermediary website (again, I think… but am not absolutely positive.)

I know, apropos of nothing to do with chess.ca, that I’ve seen at work a dramatic upsurge in activity since last Friday of trojan/phishing/virus spam emails which look much more professional than what I’ve seen in the past. Close to the banking phishing emails of days past which really looked like an email from a known bank. (The new breed are ones that make me do a double take and wonder which users in my system may have accidentally been suckered into them.)

At any rate, as you say, as soon as chess.ca complies with Google’s processes for delisting, the site would be rescanned and the warning disappears if no further threats are found. (The downside: You have to have a Google account to proceed, as far as I can tell. And you have to know the process exists.)

BTW, I heard nothing back from the emails I sent this morning.
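The post above reads the Safe Browsing report as saying that pages on the site contained code referencing other hosts. A site owner can check for that directly. The sketch below is an added example, not part of the original thread: it lists script/iframe-style references to hosts outside an allow-list. The host names, page paths and HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this (hypothetical) site legitimately loads active content from.
ALLOWED_HOSTS = {"www.example-club.test", "example-club.test"}

# Tags whose URL attribute makes the browser fetch and run or render remote content.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "frame": "src",
               "embed": "src", "object": "data"}


class ExternalRefFinder(HTMLParser):
    """Collects (tag, host) pairs for active content served from unlisted hosts."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if not value:
            return
        # hostname is None for relative URLs; "//host/x.js" still yields the host.
        host = urlparse(value).hostname
        if host and host.lower() not in ALLOWED_HOSTS:
            self.findings.append((tag, host.lower()))


def audit_pages(pages):
    """Return {path: [(tag, host), ...]} for pages that reference unlisted hosts."""
    report = {}
    for path, html in pages.items():
        finder = ExternalRefFinder()
        finder.feed(html)
        if finder.findings:
            report[path] = finder.findings
    return report


# Constructed sample pages: one clean, two with references to unlisted hosts.
PAGES = {
    "/index.html": '<script src="/js/menu.js"></script><img src="/img/nav.gif">',
    "/ratings.html": '<p>Ratings</p><script src="http://unexpected-host.test/a.js"></script>',
    "/news.html": '<iframe src="//other-host.test/frame" width="0" height="0"></iframe>',
}

if __name__ == "__main__":
    for path, refs in audit_pages(PAGES).items():
        print(path, refs)
```

Run against the HTML the server actually sends (not the templates), since injected references usually live in database-driven content.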

Confirming your observation, this last Sunday (10/18) I received an email from my internet provider (AT&T) that began: “We have recently noticed an increase in the number of “phishing” emails being reported among both our members and other Internet services.”

Based on the Canadians talking about this, I don’t know if they’ll ever get back up with their current website. They are using ASP from 1999 with Access as a back end. What they are suffering are SQL injection attacks (basically someone puts code into a box on the HTML form and updates the database). Without some sort of upgrade, it’s unlikely they are going to be able to stop the attacks, which is why they keep getting hacked and then listed by Google.

It does seem like the phishing attacks have gotten heavier again, and more sophisticated as well. It’s to the point where I’m reluctant to act on any UNSOLICITED email, even if they know my login ID.
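The SQL injection weakness described earlier in the thread (a form value ending up inside the query text) is shown below beside its fix. This is an added example, not code from the thread or from the site discussed: Python's sqlite3 stands in for the ASP/Access back end, it is narrowed to a lookup query, and the table, names and values are constructed.

```python
import re
import sqlite3


def make_db():
    """Build a small in-memory ratings table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, rating INTEGER)")
    db.executemany(
        "INSERT INTO members VALUES (?, ?, ?)",
        [(1001, "A. Player", 1850), (1002, "B. Player", 2100), (1003, "C. Player", 1420)],
    )
    return db


def lookup_concatenated(db, member_id):
    """Weak pattern: the form value is pasted into the SQL text, so whatever
    the visitor typed is parsed as part of the statement."""
    sql = "SELECT name, rating FROM members WHERE id = " + member_id
    return db.execute(sql).fetchall()


def lookup_parameterized(db, member_id):
    """Corrected pattern: validate the shape of the input, then bind it as a
    parameter so the database only ever treats it as a value."""
    if not re.fullmatch(r"[0-9]{1,9}", member_id):
        return []
    return db.execute(
        "SELECT name, rating FROM members WHERE id = ?", (int(member_id),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed form inputs: an ordinary ID, and a value carrying SQL syntax.
    for value in ("1001", "1001 OR 1=1"):
        print(repr(value))
        print("  concatenated: ", lookup_concatenated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```

With the second input the concatenated query returns every row because the extra text changed the WHERE clause, while the parameterized version returns nothing.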