Comments on: HTML form ads a risk?

By: Julian Moss

Julian Moss — Thu, 03 Jul 2008 11:20:50 +0000

McAfee Site Advisor is certainly flawed, and not just at detecting whether sites send spam. It has just red-flagged our site tech-pro.net on the basis of a false positive detection of Winfixer in a free trial download of PC Tools Spyware Doctor (as verified at virustotal.com – McAfee was the only one of 33 products that claimed anything wrong with the file.) The full story is on my blog: http://blog.tech-pro.net/entry/47/McAfee_defamation_of_Tech-Pron

By: David Lewis

David Lewis — Fri, 16 May 2008 03:37:57 +0000

I wrote a little more about the problems I found with McAfee’s SiteAdvisor at http://www.revenews.com/davidlewis/mcafee-siteadvisor/

If you want to figure out what domains McAfee uses when it registers, there is a suggestion about that.

By: David Lewis

David Lewis — Wed, 14 May 2008 14:47:52 +0000

Those ads really are static. We really don’t use them.

I was concerned about a potential security risk when you first mentioned it but then I realized that we have no way to know that it is SiteAdvisor. That appears nowhere in our database.

There is a problem with McAfee’s system. There has to be a flaw there that (a) the e-mail address was used more than once, (b) someone leaked it or (c) someone hacked McAfee’s system.

By: greg

greg — Wed, 14 May 2008 11:51:44 +0000

I see some ads in the right sidebar. Check out these pages, for example:

http://anycoupons.com/baby_universe.html
http://anycoupons.com/mortgage.html

If you didn’t have any ads on your site with forms, then there’s a couple of possibilities:

a) the crawler ran amok, and went off your site to a form while thinking it was still on your site,

b) the email address in the user database somehow got leaked to a spammer, suggesting a security issue with the server (although this seems unlikely since you don’t store name and the spam *did* use a name.)

By: David Lewis

David Lewis — Wed, 14 May 2008 05:06:25 +0000

We don’t have ads, per se, on the site. The only forms to fill out are to sign up for the newsletter or review a store.

How would filling out a form get to the McAfee e-mail account?

By: greg

greg — Wed, 14 May 2008 02:57:49 +0000

That crawler’s trained to fill out forms, so it must have told a form – not your form, but maybe within an ad that ran on your site – that its name was ‘SiteAdvisor’.

Can you recall any advertisements with a form field called ‘Name:’ or something similar?

By: David Lewis

David Lewis — Tue, 13 May 2008 19:58:50 +0000

Greg and Igor-

Thanks for your support and for trying to help McAfee improve its system.

I went looking for the SiteAdvisor e-mail addess. I had looked yesterday for the obvious domains. None appeared. Today Shane from McAfee commented on my blog that there were 4 new tests running. There is only one e-mail address that looks randomish signing up yesterday or today. It was on sbcglobal.net. The rest look like real names. (Igor pondered whether McAfee uses hotmail, etc for the test accounts.)

But here is what really struck me as strange. If you look at the Sample Inbox at http://www.siteadvisor.com/sites/anycoupons.com/email, many of them have SiteAdvisor in the subject. AnyCoupons only asks for an e-mail address and password. There is nowhere on AnyCoupons for someone to give us their name and “siteadvisor” shows up in no e-mail addresses in our system.

So the spammer who guessed the e-mail address knew that it was SiteAdvisor while we didn’t.

Theories?

-David

By: Igor The Troll

Igor The Troll — Tue, 13 May 2008 18:11:16 +0000

Excelent theory. I think you are right on the money with it.

I and a bunch of other people in the SEO industry are on top of this and Siteadviser cleared David. Now we need to get Yahoo to correct its flaws.