Saturday, 8 February 2014

Malware Warnings, Bloggers, MADads Media, Nuclear Reaction - How To

Hey Everybody I'm back (Now I'm tired by giving excuses every time for my months long absence So, Don't expect it at least any more in this post, lol). Anyway, during this month's absence I got a total of three or four offers from companies to write an honest reviews about them. And I promised them to share my thoughts on their products after test soon in February. But today's post is not an on demand review. The today's post covers MadAds Media Review and a real story that just happened in which thousands of websites got malwared like a nuclear chain reaction.

Today when I got some time just before kick start work on a SEO campaign for my some new niche projects I got a message straight from my friend Syed Faizan Ali. Yup, you got it right, I'm talking about the guy behind My Blogger Lab, Templateism and many other startups which are now well known in Blogger industry not less than a Tycoon.

The conversation starts to visit the At first I guess it is a normal request to check blog either isit working fine or not or may be he put something great over there. Look at below screenshot to see what I saw when I try to visit my blogger lab.

chrome malware warning blog

Wow! The website Ahead Contains Malware and Google Chrome has blocked visitors to access the website.

In most cases with malware notice chrome usually also mention the url of major source of malware. For example if that is because of any malicious link of any script we used in our blog but hosted on any third party website.

But it is clear from above screenshot we didn't get any clue of the malware distributor. So, in the beginning we don't have any evidence what just has happened to the site. So, I asked faizan to ensure me that you have not accepted any comment in the last two days to eliminate chances of something close to hacking. And he said "NO, Even I didn't make any kind of changes in my blogger lab". Then in the next move Faizan dressed MBL with complete new template without any external scripts and some widgets to make sure that none of script used in blog is not hosted on 3rd party sites which got malicious. But nothing changed. Keep in mind the traffic during this time has dropped to almost zero from multi thousands of visitors. So, obviously as longer site remains down the bigger the loss faizan would have to face in terms of revenue, visitors trust, SE visibility, etc.

In the mean time faizan got a malware confirmation message in Google webmaster tools,

Google has detected harmful code on your site. We recommend that you clean your site as soon as possible. If the malicious content is not removed, Google's search results may display a warning when users click a link to your site to protect them from malware.
 and an email too straight from Google Search team,
  • Dear site owner or webmaster of, We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs): http://mybloggerlab .com/ http://www.mybloggerlab .com/ http://logocreator.mybloggerlab .com/ Here is a link to a sample warning page: We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because: 1) the site was compromised 2) the site doesn't monitor for malicious user-contributed content 3) the site displays content from an ad network that has a malicious advertiser If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites: Once you've secured your site, you can request that the warning be removed by visiting and requesting a review. If your site is no longer harmful to users, we will remove the warning. Sincerely, Google Search Quality Team Note: if you have an account in Google's Webmaster Tools, you can verify the authenticity of this message by logging into and going to the Message Center, where a warning will appear shortly.

Long story short later on accessing MBL via search results we got a new kind of malware warning with useful links in detail.

chrome malware warning

By diagnosing blog link via Google's Safe Browsing diagnostic page option Google clearly mentioned MadAds Media as malware distributor. After that faizan removed MadAds media ads from blog and submitted a reconsideration request via Webmasters.

How To Remove Malware Warning From Google

 To make your blog accessible and unblock by Google after removing malware content you have to submit a reconsideration request. The process to submit malware removal request is quite simple. Just go to Google Webmaster Tools > Crawl > Security Issues > mark check on 'I have fixed these Issues' > click on 'Request a Review button', all done.

Now thanks to ALLAH (SWT), the blog reinstated just with in five hours after submission of reconsideration request. But unfortunately we missed to take screenshot of mbl's diagnosing report by Google (now its not accessible) in which MadAds Media was clearly mentioned. But sadly MadAds media still didn't fix their malware distributed link (, its still blocked by Google with malware warning.

Update: Now Syed Faizan Ali has also provided a screenshot of Google Advisory report clearly showing MadAds Media as responsible. Checkout following screenshot:
malware warning google madads media

What will happen if I will not remove malware content from my blog?

Well I'm not sure about the WordPress or self hosted blogs and sites but I'm sure after few days your blog will get locked by Blogger if its hosted on The visitors will get a redirect to page with certain message on page.

This blog is under review due to possible Blogger Terms of Service violations and is open to authors only

Whereas via accessing your blog via you will see a yellow marked notice and popup message that Blogger's malware-prevention robots have detected that your blog could cause malicious activity on a reader's computer. And its now locked because of violation of Blogger's Terms of Service.

Why I Said This Malware Warning as Nuclear Chain Reaction?

I don't have idea about the total of number of publishers registered on MadAds media, but for sure active ones would be in thousands (at least). For example if 1000 Publishers are using MadAds Media ads on their blogs then all will  suspect as malwared by Google. After that if any one of them is like My Blogger Lab whose links are present as Sitewide links in footer or sidebars or in posts then all of blogs and blog posts giving link backs to resources like MBL will also get suspect as Malwared by Google. And you guys know a total of 1500 unique domains are referring MBL (source Probably the MBL referrers will also have there referrers, and so on. I made Malware Nuclear Chain Reaction confirmation for MBL by using  "powered by mybloggerlab" in Google search. You can test it also by opening sites referring malwared sites especially via sitewide link.

In last there is a small suggestion for all folks that don't panic if you are getting malware warning on blog. If its simply on a single blog page, then go to that affected page and find the responsible malware distributor url. If your complete blog showing malware warning than potentially the responsible malicious stuff would be present in your sidebars, widgets, in theme / template, check your sub-domains too to find malicious downloading, plugins or software or access .htaccess in WordPress to hunt the possible injected malicious scripts or redirects.

One thing more keep in mind that it is not necessary that your blog will get blocked and show malware warning on entire internet. In above case the blog is only showing malware warning on chrome, not on Mozilla firefox and Internet explorer and on other online proxies. Well for MadAds media review you can hit MBL where faizan is going to publish a stunning review of this ad network that will make you able to decide whether to choose or keep it anymore or not :P Over to you!


  1. My website keeps redirecting to I don't know why. I am using Ubuntu 12.02 and Firefox

  2. @webdevelacc; what is your site url?

  3. Hi, thank you so much for getting back to me. It's doing it again today. My site url is,

    It's even redirecting from the front page.

  4. ^ I thoroughly checked your site and didn't find any kind of script/link that can cause redirect. Even your site is not doing redirect, at least not right now.. Seems you fixed it yourself.. :)

  5. Yes, thank you for checking. That's very kind of you.

    I checked too and can't find anything either but my site is still redirecting to I am going to talk to my host about it.

    I will definetly let you know what you what happens.

    Thanks for again for checking :-)

  6. btw also check it after clearing browser's/system cache/cookies, if you didn't did it yet! I hope this gets fixed soon.. :)

  7. Hi, well I talked to my host. They can find no problems on their end. I talked to Syed Ali and he did not say he is aware of any reason my site should redirect to his. Though, I am not sure he clearly understood what I meant. I reset my browser etc but my site is still redirecting to his site occasionally.

    Not sure what to do...


  8. Not 100% sure but I guess finally I nailed it.. disable peel effect and remove this script >>> < script language="javascript" type="text/javascript" src=""> < / script > above.

  9. OK, thank you. I think you are right.

    I also found a piece of foreign code stuck in a tinymce folder in a copy of Wordpress that I downloaded to my compoter for reference. Not sure how this happened. But, I think the code in my copy of Wordpress is infecting js files as I download them from the net.

  10. Hi, I just wanted to update you on my problem. I deleted those files and have discovered that when I download files from the internet, like the javascript file you suggested I remove, they are becoming infected somehow. I am using Ubuntu 12.04 LTS on my machine. So, don't believe anybody that tells you Ubuntu is virus free. It's certainly not, lol.

    I intstalled some anti-virus software called ClamTK for Ubuntu and found 11 infected files.

    But, as for my website, it no longers redirects to another site, and hasn't done so for about a week, so I think we nailed it.

    Thank you for the help. I added a link to your site from my credits page here:

    Please, let me know that's OK.


  11. Good Information,Really helpful

  12. Hi again Carlos,
    I'm so glad you not only nailed it but fixed it yourself, too. Wow, this is great pleasure for me to see myself with a link back in your 'Super Peeps' list with a bunch of kind words..:) Thank You so much boy.. I highly appreciate this..

    btw, checkout this url what I found when I decoded last few lines of that specific peel effect JS url.. #Reason2RedirectOnMBL

  13. Very good article! I had the same problem with redirecting on mybloggerlab and now i have solution, thank you, it works well. I read some articles about this malware on but i couldn't use it correctly. I will follow your blog for new information, Syed.