Doa'S Malware Infected

Check it out:

Yeah came across this last week when I was asked to post an event on there.

I also got a google-warning for this site.
Sucks pretty much since they have some fine info here and there.

I’ve seen similar warnings popping up around the web. There have been a few nasty advertisers that slip malicious javascript into their banner ads without the client (ie. DOA) even realising. In some cases, the advertising system itself gets its banners from multiple sources, and occasionally the people managing the system aren’t aware that one of their suppliers has used malicious code, etc.

With the amount of signature spam that occurs on that forum, with images and flash widgets being included from all over the web, something like that was bound to happen eventually.

I’m somewhat confused as to why someone would let advertisers execute javascript on their website… Last I checked, javascript execution is not necessary for display of advertisements.

You’re quite right - javascript is not required to show a basic ad, but there are tons of advertisers out there who do have javascript-driven ads, or ads that require extra functionality to work. Things like setting tracking cookies, detecting whether AdBlock is installed, and of course to handle flash, etc. (I know you know all this crap already :) )

As long as the internet has been around, there have been crafty advertisers coming up with ways to cram their shit down your throat. Javascript plays a huge part in that, and advertisers do pay more to people who are willing to have javascript ads on their site, versus simple image banners.

Edit: A very quick glance at the page source on DOA shows javascript being used in multiple places to embed ads.

Edit2: I was just reminded of an instance here on the Renoise forum a while ago, where someone was using a particular file or image host, which had gone bad at some point. Whenever this person’s images (their external avatar I think?) were being included in the forum threads, I think it was redirecting to another page that was loading some script, which was in turn triggering a malware warning in other users’ browsers. I forget the exact details anyway.


One of my customers has had the same problem recently. His site has been flagged as dangerous by Google.

He has FTP access to his site’s www folder, and his login/pass were somehow leaked or cracked by brute force. His homepage would be downloaded, modified and uploaded again.

The modification was the addition of JavaScript code at the bottom of the page that would load a Java applet from

I cleaned and uploaded his homepage, and it was hacked again within one hour.

I had to change his login/password (they were quite weak) and it stopped.

Then I had to add his site to my “Google webmaster tools” account and ask for the site to be checked again by Google to remove the warning page. It took less than two hours to have it marked as safe again.

Read something earlier today about all of this:

Looks to be pretty big. :expressionless:

Same kind of crap happened to my site before, man what a head ache and not to mention it looks VERY bad. One thing I learned was NEVER give out your password, even to your close friends (they may not play as safe as you do) and the next step is close backdoors to your site, so if your site has a directory called music, contact your host and ask them to close them.


Sorry, I should have clarified… if it were Javascript that Google themselves had written, it would be understandable… but I don’t know why Google would let 3rd parties execute custom JavaScript through their ad services. That kinda thing should be standardized imho, so that kinda shit doesn’t happen. There’s only so many things you can acceptably do with ads in Javascript without being 100% obtrusive or nasty anyway… Google and other services could just have an ad builder package that would allow advertisers to create ads within their parameters instead of custom coding them.