Google Blocks DealsDirect

Just like thousands of other happy DealsDirect shoppers, I clicked on a bargain in their daily email newsletter this morning, and instead of landing on a DealsDirect product page, I got a 'Reported Attack Page' warning in Firefox, with a link to a Google safe browsing diagnostic page!

Luke and I have been shopping online at DealsDirect for many years now, so it was a big surprise to see this warning message, and we certainly do not believe that DealsDirect would intentionally host attack pages.

As far as Google is concerned they're taking this issue very seriously indeed. DealsDirect search results in Google Web Search show this message: 'This site may harm your computer', which links to their help page with this information: 'We want our users to feel safe when they search the web, and we're continuously working to identify dangerous sites and increase protection for our users. This warning message appears with search results we've identified as sites that may install malicious software on your computer'.

The Google Safe Browsing diagnostic page for dealsdirect.com.au, confirms that when Google visited the site on 18 March, 2010, they found 7 pages that resulted in malicious software being downloaded and installed without user consent. Malicious software includes 2 trojans. Successful infection resulted in an average of 2 new processes on the target machine.

The diagnostic page does however confirm that dealsdirect.com.au did not host this malicious software, and has not functioned as an intermediary for the infection of any sites. Google also states that in some cases, malicious code is added by a third party, to legitimate sites.

As far as we're concerned DealsDirect is indeed a legitimate site, and the only conclusion we can come to, is that malicious code was indeed added to dealsdirect.com.au without their knowledge.

When it comes to online shopping, security is of the upmost importance, so after DealsDirect have resolved this issue, they'll need to do perform a thorough audit of their website security, and ensure that problems like this cannot occur again.

As soon as I receive a response from DealsDirect I'll append it to this article.

Updated on Fri 19 Mar 2010 12:30 PM AEST, by James Murphy

I just received this statement from DealsDirect:

At 5.20am Friday 19th March, a Third Party software package that serves DealsDirect.com.au on-site banners was detected to have been recently compromised.

The malfunction was rectified within 30 minutes of receiving notification by DealsDirect.com.au. The root cause was isolated and the Third Party software was shut down.

The effects of the Third Party software compromise resulted in the DealsDirect.com.au site being blocked to those customers using Firefox, Safari and some Internet Explorer browsers with the Google toolbar.

It is important to note, DealsDirect.com.au customers' personal information is stored securely and resides in a separate server from where the banner server runs. DealsDirect.com.au servers are scanned daily by McAfee and are a Certified McAfee Secured Site: https://www.mcafeesecure.com/RatingVerify?ref=www.dealsdirect.com.au

DealsDirect.com.au is working with Google to ensure customers using these browsers can gain access to the DealsDirect.com.au site as swiftly as possible.

At no point was the DealsDirect.com.au site "down".

I feel bad for DealsDirect, as this could have happened to any website, but it just goes to show that webmasters really need to scrutinise all the third party software they run on their sites.

Let's hope DealsDirect and Google can resolve the problem soon, so we can all start shopping online for bargains again.

Updated on Fri 19 Mar 2010 4:59 PM AEST, by James Murphy

I'm happy to report that the issue has now been resolved, and Google is no longer displaying warning messages for DealsDirect.

Verified Store Page: DealsDirect