Posted: 1/3/2012 8:58:30 AM
Here is the latest theory from the techies...
As usual, the virus is already present on the users' computers. We know it's not on our servers as a drive-by virus - if it was coming from us, we would have infected hundreds of thousands of people by now, not just a few dozen. And - yes, of course - we have scanned and analyzed all code and servers.
Also, 99% of infections come from people installing infected software themselves - and we don't offer downloads - which is another reason why we are absolutely certain it is not coming from us.
However... one question we have is "Why do some people only claim to receive these warnings when they are on our site?"
We have a theory about that...
One of the main symptoms of this virus is that it often shows its own ads while on websites. And from some of the reports, it seems to do that for some users when they are on Covers.
What we believe is happening is that the already-present virus sniffs the ad-serving domains coming from certain ad networks (these are not hard to figure out), and replaces those ads with its own ads.
In other words, the virus is already present on the computer, but it only becomes "active" when it senses certain ad-serving domains - at least one of which we use. This activity triggers your AV/malware software to toss up a warning.
Yes, I will repeat this for clarification... if you are getting these warnings, then you probably already have a virus. You are not getting protected, you are getting tricked.
Note that this is not the fault of the ad networks either. If anything, it's a sign of success that these viruses are targeting those networks.
So our only option to help people in this case would be to completely remove all ad networks from our site - effectively cutting off one of our major sources of revenue, while punishing innocent ad networks - because some of our users got infected by a virus somewhere else.
That doesn't seem fair to me.
Now, some of you are going to complain that you have a completely clean computer that was wiped two weeks ago by a technician.
Did you install all the necessary Windows updates and have a half-decent firewall? Without these, you can get infected simply by leaving your computer on overnight.
Do you have a real anti-virus program? If you ever downloaded one of those AV programs that have ads promoting "your computer might be infected, scan it now"... those are NOT bona fide AV programs. In fact, they are probably causing the problem.
Did you install ANY third-party software? Because the cleanest computer gets immediately re-infected once you re-install that infected program you downloaded somewhere.
BTW tinfoils, see above regarding Europa's problems... we don't have any java on our site. What this means is that you probably have a virus, and it's throwing out fake warnings, which is a common symptom.