Google's bin.clearspring.com Warning Explained

Several web sites I've visited today, including Time Magazine and Planet 107.3, are triggering a malware warning in Google Chrome:

The website at www.planet93.com contains elements from the site bin.clearspring.com, which appears to host malware -- software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer. For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for bin.clearspring.com. Learn more about how to protect yourself from harmful software online.

Twitter users report the same problem on Fast Company and the Chicago Tribune, so it's presumably hitting a lot of media sites. I've encountered these warnings before when a third-party advertising service was hit with a malware attack. Every site using widgets or ads from the domain bin.clearspring.com is probably triggering Google's warning.

A blog post on Clearspring states that their widget delivery network was hit Saturday with a malware attack detected by Google:

We noticed early this morning via Twitter that a large number of folks using Chrome were being warned of malware when visiting sites with Clearspring Launchpad widgets. To summarize the event, our portion of the Content Delivery Network (CDN), the service we use to efficiently host all Clearspring widget internals, was compromised with files that redirected users to a certain malware domain (which we won’t link here). We quickly fixed the issue and are now back to normal operation as far as the CDN is concerned. Because of Google's aggressive malware prevention policy, users may continue to see warnings until Google completes its re-review process. ...

Note that this issue had no affect on the AddThis sharing platform, only on widgets served via the earlier-generation Clearspring Launchpad platform.

When Google thinks a web site may be serving malware, it displays a warning in place of the site. Although it's possible to ignore the warning and continue to the site anyway, that's a monumentally bad idea. Within 24-48 hours, the bin.clearspring.com warning will likely go away if Clearspring has cleared up the problem.

I've never heard of Clearspring before, but letting its servers become infected with malware files and delivering those files on third-party sites is a massive PR disaster. The company also was criticized in a Wall Street Journal piece Saturday for putting 55 different Flash-based tracking cookies on the computers of people who visited Comcast's web site:

Clearspring, based in McLean, Va., says the 55 Flash cookies were a mistake. The company says it no longer uses Flash cookies for tracking.

CEO Hooman Radfar says Clearspring provides software and services to websites at no charge. In exchange, Clearspring collects data on consumers. It plans eventually to sell the data it collects to advertisers, he says, so that site users can be shown "ads that don't suck." Comcast's data won't be used, Clearspring says.

Google · Security · Malware · 2010/07/31 · 6 COMMENTS · Link

Comments

Hi, it's Justin from Clearspring. So sorry about this issue this morning. We've fixed the problem that caused the warning and are now working with Google to get the warning resolved as fast as possible. If you have any questions, don't hesitate to drop me a line. - justin@clearspring.com

#1 · Justin Thorp · 2010/07/31

I just noticed Google issues the same ClearSpring.Com malware warning on July the 31st, 2010 for my NING network. This is a problem caused by ClearSpring and not NING. I have been with NING for many years and pay to keep my professional website. To think that ClearSpring with its infected widgets despite millions of dollars in funding can cause me to lose visitors is unacceptable. I will be sending an email to ClearSpring in a few seconds from now.

#2 · InfoGuruShop · 2010/07/31

Thanks Justin, I hope you can avoid this in the future - to have a "malware detected!" on my site is quite disturbing. I would be forced to change that widget on my site if it were to continue. And hey Charly - grow up! Is that the only way you know how to communicate? Quit being a smacktard! it's not like they did it on purpose.

#3 · Eggplantdog · 2010/07/31

A few of my members have had the malware warning pop up when trying to visit my forum. Is this due to a link posted in a thread by a member?

#4 · slither · 2010/07/31

No. It's because you have a widget on your site published by Clearspring. If you temporarily remove the widget, you should stop triggering the malware warning.

#5 · Rogers Cadenhead · 2010/08/01

Hi guys so we just posted a full account of everything that happened on Saturday. - www.clearspring.com

Again, e-mail me personally if you have any questions. - justin@clearspring.com

#6 · Justin Thorp · 2010/08/02

Add a Comment

All comments are moderated before publication. These HTML tags are permitted: <p>, <b>, <i>, <a>, and <blockquote>. This site is protected by reCAPTCHA (for which the Google Privacy Policy and Terms of Service apply).

Microsoft Bob icon

Rogers Cadenhead

Social Media

Mastodon

Mastodon

Subscriptions

Workbench RSS feed RSS Feed

Blogroll

Projects

Statistics

Line drawing of cowboy on horse

This blog has been published since Nov. 7, 1999 (a span of 8,930 days).

Thank you for visiting Workbench.

Drawing of an owl with glasses reading a book