How are viruses like SpywareGuard and antivirus 360 being spread?

[TheSeeker]

Hello

I work with a website that for the past few months has been getting complaints from users claiming to have gotten a virus or malware while using us.

We have had them install malwarebytes and it has solved their issues, but they still claim they gotten warnings and the popups, etc., while using our site - and blame us. However, we have had no luck in tracking down any issues. We have only had one of our checkers get redirected, and only once. We could not replicate it, or find out how or why. If we had malicious code on the site, I would think it would not be so random. Am I incorrect?

How are these types of trojans/viruses being spread? I see hundreds of sites talking about removing the programs, but almost none on how they got them.

Any thoughts or assistance would be greatly appreciated.

Thank you!

[TeMerc]

Hi Seeker.

Does the site in question serve any ads? Such as banner\flash style? This is one of the latest vectors used in malware spreading.

You can read all about rogue banner ads on Sandi Hardemier's blog, Spyware Sucks

[TheSeeker]

Hi Seeker.

Does the site in question serve any ads? Such as banner\flash style? This is one of the latest vectors used in malware spreading.

You can read all about rogue banner ads on Sandi Hardemier's blog, Spyware Sucks

Hi

Thanks for the reply. I will check out that website.

We sometimes shift from one company to another. We first started getting complaints when only using adwords (via google) but we also use adbrite as well now and again.

We suspected this especially due to the random nature and mentioned this to Google. Of course, they claim all of their ads are fine and upstanding and could not be the cause. When the problem has been reported by users, no one knows or remembers what ad was being displayed or would have been displayed to help track that theory.

[TheSeeker]

Some additional information.

We have found from some users that they were (they think) using certain pages of our website when the alerts from their antivirus went off or when the redirects and popups occured. But of course, we can never verify it and most users use the same pages without incident. (which yes points to the randomness of ads)

However, at least with one user, once they were verifiably infected, it redirect them every time they went to certain pages on the site, but did not seem to do so when they went to other pages on other sites. Once Malwarebytes was run, the virus was removed and no more problem. But why did it pick on those certain pages/urls?

Are certain keywords or url paths possible triggers for these types of viruses?

How can we separate users who were infected elsewhere, but getting triggered popups/warnings while on our site, from a user possibly getting infected from something on our site. We want to solve this and help users, but the finger pointing and blaming doesn't help at all. We have also had many users take offense that their computer could have a virus and refuse to scan it and simply blame us!

Thanks!