As I was checking several blogs and websites today, i found that several of them redirected me to either gescansecurity.org or a bing search page for “freevirusscan” .
Several blogger and wordpress blogs were seemed to have been affected. In my case I visited this blog (gosh..its a blogger blog) and this site was redirected to -
which first displayed a window almost identical to a standard "My computer" screen on a windows pc and looked like the typical type of windows malware. It alerted me of various viruses/Trojans (downloader.win32.agent etc.) detected on my computer, followed by a prompt to install "System Security Antivirus" and such by clicking "ok". With no option to close the window, and with no other active windows, I clicked cancel for no result as I got a message that windows security center recommends it as an install and hence the cycle repeats.
When I got rid of that page and revisited it,the page was gone and instead redirected me to a bing search page for search term “freevirusscan” .
On closer inspection I found out that affected blogs load a script just before the </body> tag with no recognizable pattern (atleast for me). Also I monitored my cookies and found that after being redirected to bing,a cookie is set to prevent the user from being redirected for 20 days.
Several wordpress blogs also displayed the same vulnerability. On later googling I found a user in apple forum about the same problem. A new virus attack on Wordpress/Blogger ? Seems so as I was running Linux and seemed to have no malware installed on my Linux machine. Tested this on a clean windows machine and for positive results.
Keep your eyes open folks..
Like This post ? You can buy me a coffee :)
Posted by XERO. ALL RIGHTS RESERVED.
John your post is 60 words long, and they are two articles on the same topic. This article is far more detailed and descriptive than your post, however your post does mention a search string that you can use to identify hacked blogs ( if the whole getting redirected thing wasn't enough ;) that is not in this article which leads me to believe he didn't copy you and you just ended up with some similar sentences.
ReplyDeleteYour reply to this article seems to just be advertising for your ad-ridden blog.
I was looking at a blog: Penguin cheats (for a Penguin Books blog) at, & when I tried to open it a message poped up: you have a virus. As I dont have use the Windows but working on a Mac does it mean something
ReplyDeletethese are the details: Email-Worm.Win32.Merond.a
Virus.Win32.Induc.a fontsub.dll
Downloader.Win32.Kido.anvcplui.exe
Downloader.Win32.Kido.ainput.dll
Trojan.Win32.Agent.azregedit.exe
and it redirects to : http :// gescansecurity.org
waht do i do?
Giory