State Bar Says Site Safe but Changing: ; Officials Say Transfer of Server Information Set Off Search Engines Alarm
By JAKE STUMP
A popular search engine has been warning Internet users to avoid the West Virginia State Bar’s Web site or risk their computer going haywire.
However, this morning, Google’s warnings about the site had been removed. Strong warnings were prominent Tuesday.
Visitors to www.wvbar.org had been putting themselves at risk of downloading malware, a term derived from ‘malicious software,’ according to Internet search giant Google and its partner, StopBadware.org.
The State Bar, which has fielded several phone calls from members about the problem, contends its site is safe and just undergoing changes.
Executive Director Anita Casey said she didn’t think the site had been compromised although callers believe it had been hacked.
An e-mail was sent to Bar members Tuesday that read, “The Web site is currently being moved to a new server and will be unavailable at times during the next few days implementing the new site changes.”
Casey explained that Web technicians were transferring the old database to a new one, which may have raised red flags for virus and malware detectors.
“The anti-virus companies notice there’s something wrong, so it’s putting out this warning message,” Casey said. “I’m not a technology person, but I’ve talked to a few tech people. There’s nothing to fear.”
Bill Gardner, information technology manager for Flaherty, Sensabaugh & Bonasso, said an attorney pointed out the situation to him early Monday after conducting a Google search for the State Bar.
On Tuesday, the first Google search result for “WV State Bar” displayed the link, accompanied by “This site may harm your computer.” The site was blocked by Google for security purposes.
On Tuesday, another attorney told Gardner about the flagged Web site.
“At that point, they seemed to have a problem,” Gardner said. “I called the State Bar and told them they might have an issue. They said they were working with computer consultants to resolve it.”
Gardner said he hadn’t heard if the site had infected anyone’s computers.
Users can access the page by typing the URL in the address bar.
Clicking on the link on a Google search brought up a warning page. An additional page said the site was listed for suspicious activity one time over the past 90 days.
A Google spokesman on Tuesday said the site was serving malware to those accessing the State Bar’s page. The spokesman said that a domain in China was distributing the malicious software through the Bar site.
He described the technique as an SQL injection, which exploits a security vulnerability occurring in the database layer of an application.
“Of the 446 pages we tested on the site over the past 90 days, 41 pages resulted in malicious software being downloaded and installed without user consent,” read a Google diagnostic page for the Bar site. “The last time Google visited this site was on 09/08/2008 and the last time suspicious content was found on this site was on 09/ 08/2008.”
Google classified the Bar’s site as an “attack site.” According to Google, attack sites try to install programs that steal private information, such as credit card numbers and passwords, use one computer to attack others, send fake e-mails from the user’s account, or damage the system.
Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
Starting in 2004, Google established an automated system that scours all Internet sites that might be dangerous to users. Sites are accessed on a special computer, or as technology experts call “a virtual machine,” to detect malware. If it pops up, the site is flagged.
Contact writer Jake Stump at jakestump@dailymail.com or 304-348- 4842.
Originally published by DAILY MAIL CAPITOL REPORTER.
(c) 2008 Charleston Daily Mail. Provided by ProQuest LLC. All rights Reserved.