Michelle Obama is behind this. She HATES pie! And freedom!

Looks fine in IE 8.
It is a bit like the small rant I had to a friend a few days ago, after chrome kept reminding me that the hotmail sign in page was http and therefore unsafe and that I should only use such websites that used https and did I wish to continue? I understand it is a legitimate concern, but being told off by my browser for something that is outwith my ability to affect is really annoying.

Or is google trying to make everyone paranoid?

Michelle Obama? No, I think it's more likely Mayor Bloomberg.

Actually there was a DDOS attack on the SFWA site a little while ago. I wonder if this is related?

John Scalzi mentioned that the site was fixed a couple of days ago, but it can take time for Google et al. to catch up. Something similar happened a week or two ago at Television without Pity.

For a link to the place of tweeting.

The SFWA twitter feed is worth taking a peak at:

https://twitter.com/sfwa

They indicate that there's a secondary attack, that they have identified the malware and removed it and are waiting for Google to re-scan the site.

Google has a fairly clear procedure for Webmaster's to follow:

http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163634

There was embedded trojans. I don't know the nature of the attack, but they were found and dealt with, but the Malware warning persists for a period of time after, so they are waiting for it to clear.

Alas, as of right now, it is still there. I use my ipad to read it when this warning is up, as IOS seems pretty immune for the time being.

I should rephrase: the warning will go away as soon as Google rescans the site and confirms the absence of the trojans.

"as soon as Google...confirms the absence of the trojans"

Such a setup. Cannot decide between "Again with the contraception mandate!" and "yeah, USC grads can be a security risk."

But good to know it's fixed.

Ken Houghton #7:

Or, we blew *all* the asteroids away?

Trojans? Elaan of Troyius's henchmen?

As Laocoön said, "Embedded whats?"

Google's page on the site says, "The last time Google visited this site was on 2013-02-21, and the last time suspicious content was found on this site was on 2013-02-21."

I think it's still infected, or else Google is showing a false alarm.

Once the site is disinfected, you can request that Google review it here.

Randolph -- it's now 2012-02-22, and it's quite possible it's been corrected since the last visit by Google yesterday.

Tom @14: Yes, but John Scalzi's twitter-post saying "the problem at SFWA is solved" was from the 20th, so the Google scan postdates that claim.

With that said, Google's page is also saying, "This site is not currently listed as suspicious," so it looks like Google is confirming that the problem is fixed. The two instances of "on 2013-02-21" in the sentence Randolph @13 quoted must refer to an earlier and later scan on the same day.

I do note that the "This site may harm your computer" warning is still up on search results (c.f. this version of same), but that's probably a matter of taking a day or so for cached information to propagate across the search servers.

When one of my sites got this message I had to go to a Google tool that re-scanned the site once I'd cleaned up the malware (it had been hacked).

But this is the second time in a few months that the SFWA site has been DDOS'd (they tweeted that this morning) and now this. Does someone have a grudge?

From about 15 minutes ago:

"The SFWA site is clear again. We are taking additional steps to try to keep these attacks from reoccuring. Thank you for your patience."

"Does someone have a grudge?"

Any number of scammers who don't like Writer Beware. Or someone who thinks that SFWA is giving entirely too many awards to Girls. Or, some random teenager in Dubrovnik whose bots noticed a vulnerable site.

Hey! It says there will be a new Crossman book this year!

That would have been worth braving the malware by itself.

For what it's worth, the "This site may harm your computer" warning is no longer showing up on the search link I previously posted. So this looks to be properly cleared up now.

Google really does rescan rather quickly. It's not now saying that that page is infected, and clearly the earlier reports that things had been cleaned up were premature.

Also, seeing simultaneous reports of "Google reports site X laden with malware" and "site X looks fine to me as I visit it with the browser and OS combination most targeted by malware authors" (e.g. comment #2) makes me want to bang my head on the table.

I am seeing repeated attempts to deliver a malware payload java exploit on some of the sites I herd. By repeated, I mean in the thousands in a few hours.

It's a Windows script that tries brute force on various ports, and looks for Java on the server.

N.B. Java not JavaScript.

FWIW, I don't think this was aimed specifically at SFWA. Cracking sites and installing malware is an industrial process.

Thank you to Jim for not linking directly to the site. In my line of work we also munge the URLs, as

hxxp :// www(.)sfwa(.)org / 2013 / 02 / guest-post-the-importance-of-pie-cooking-the-books-with-james-d-macdonald/

to prevent people from easily copying-and-pasting (or their mail clients from easily linkifying) and visiting a malicious URL. (Even the best of us screw up and click on something we didn't mean to occasionally, and it's a pain to have to burn down your system and rebuild it when it happens.)

If Google says there is malware on a site, or you hear a report, DO NOT VISIT IT.

Malware, much like carbon monoxide, may be imperceptible -- odorless, tasteless, and invisible to the naked eye. guthrie @2, please make sure your antivirus is up to date and run a full scan immediately.

If you want to know why people automate this kind of thing, this report released a couple days ago is a fascinating look at just some of the hijinks they get up to.

What line of work are you in, Kevin?

His website is pretty fascinating, Jim, and links from his name -- I found it by Googling his name, which may have been slightly paranoid but fits into exactly what he was saying! When I looked back here after clicking through the second g-hit, to a personal website, his name showed up here as my having visited the link.

A roundabout way of saying: cool that you drop by here, Kevin R!

The last time I got one of these warnings, it was for a download page on the Adobe site.

Jim Macdonald @27: These days, web security. (This is a pretty recent development.) I'm a bit more on the side of writing software to help us coordinate response than doing active forensics myself.

Tom Whitmore @28: A bit creepy, but thanks for the welcome! I've been hanging around here on and off for a while -- more of a lurker than a poster, but I read a lot. It's a good place, with a lot of smart people.

Dave Bell @29: If a malware alert pops up, there's a strong chance it's legit, even for a big site like Adobe. Big sites get hacked, small sites get hacked -- everybody gets hacked. It's not something I'd take chances with.

It has long been one of my precepts: Never ignore a warning, even if it doesn't make any sense to you at the time.

@31 Jim

One of the things that drives me most insane about my family members is the insistence on justification for everything. When what I'm saying is something like, "Stop!! Hit the brake!" or "Don't touch that button!"*, it is not the time to say, "Why?" while continuing to do what you are doing.

*not hypothetical events

Cheryl: I got in big trouble with an acquaintance when I failed to immediately comply with the command, "Hand me that shoe!"

Jacque: I'm betting that whatever it was had a lot of legs, or poison pinchers?

Rikibeth: Six legs and a high squick value. Something with which I blessedly don't encounter much in my native habitat.

Jacque: a hitch-sized hole in the bumper and a broken windshield-wiper motor, here.

It's an even worse habit when combined with moving vehicles.

Cheryl: It's an even worse habit when combined with moving vehicles.

Especially with pedestrians in the equation. There's a really bad intersection near my house wherein, if the pedestrian is standing on the opposite corner waiting to cross, they are exactly in the oncoming driver's blind spot. More than once I've had to step lively to keep from getting hit (and this is not counting the drivers who simply won't stop to allow a pedestrian the right of way).

Riding out of there in a friend's car, I've had to speak up more than once: "Stop! Pedestrian! Watch out!" It's fascinating how long it takes for that message to penetrate.

Kevin Riggle @30

There's an Adobe Flash Player update out, patches a couple of zero-day exploits. The download instructions recommend that you turn off your virus scanner...

One wonders what the hell they are playing at.

Dave Bell @38: I had the impression that it was fairly common for critical software updates to suggest turning off one's virus scanner, probably because "alters installed software" is a characteristic shared by malware and critical software updates.

More and more I'm coming to believe that our malware-detection ecosystem resembles a mammalian immune system, complete with allergies, auto-immune diseases, and so forth.

I haven't seen a virus scanner recently which is actually so oversensitive that it needs to be turned off when software updates are installed in quite some time.

The instruction still persists, though.

Jeremy Leader @39: Quite.

Probably for spaces. (A nice demonstration of that allergy response.) Would the gnomes like some gluten-free parmesan-and-sundried-tomato-flavored brown rice chips?

Jeremy@39

The update installation file for my browser often triggers my virus scanner (Norton) if I download on the day of release. It's one of the "known issues" in the current version's release notes.

(For some reason it doesn't trigger the scanner if I wait a few days and then download.)

It's baaaaaack.

Oh, goodie. Who wants to tell 'em?

"This site my harm your computer" notifiation

It is important that you feel safe when you search the web. We're continuously working to identify dangerous sites and increase protection for our users. The following warning message appears beneath the title of search results we've identified as sites that may install malicious software on your computer: "This site may harm your computer."

And I wonder who'll tell Google that they misspelled "Notification"?

Jim @43 - They knew already. I came to tell us-over-here.

All better now! or at least so @sfwa declared about 11 hours ago...

@44 - Google, however, are probably beyond help.

We now find that writerbeware [dot] com is a reported attack site.

Registered through: GoDaddy.com, LLC (http://www.godaddy.com)

Domain Name: WRITERBEWARE[dot]COM

Created on: 15-Oct-03

Expires on: 15-Oct-13

Last Updated on: 02-Oct-12

Registrant:

SFWA, Inc.

PO Box 877

Chestertown, Maryland 21620-0877

United States

Administrative Contact:

Webmaster, SFWA webmaster@sfwa.org

SFWA, Inc.

PO Box 877

Chestertown, Maryland 21620-0877

United States

8883227392

Technical Contact:

Webmaster, SFWA webmaster@sfwa.org

SFWA, Inc.

PO Box 877

Chestertown, Maryland 21620-0877

United States

8883227392

Domain servers in listed order:

NS11.DOMAINCONTROL.COM

NS12.DOMAINCONTROL.COM

Jim (#45): That (as well as the "my" for "may" error you didn't point out) seems to be fixed now.