Virus Problem **Updated Topic - 1/12/2010**

This is the official forum post for the virus problems some users are experiencing with our ad networks.  From now on please post all virus reports here.

One or more of the ad networks that serve advertisements on the site has been loading ads that are infected with a virus.  We have been monitoring the situation for almost two weeks now, working with users to identify the infected networks, and then shutting them down from our ad rotation.

Despite our best efforts, the Instructables Staff has not been able to reproduce the problem locally, either because the viruses are appearing in only certain geographic areas, or because we work on Macs.  As a result, we've been relying on users to help us identify the problem and target the infected ad networks.  Please understand that we are not serving these ads intentionally, nor is there a virus on Instructables directly, or our servers, and that we are doing everything possible to shut down the suspected ad networks that are causing this problem. 

Here's what we know so far

The virus appears to be what Microsoft calls a Rogue Antivirus.  It basically tricks users into thinking that their computer is infected with a virus, when their machines are in fact just fine.  A fake virus scan window alerts users that their computer is infected.  Once alerted with this news, users are misleadingly encouraged to install malicious software on their machine.  The alerts seem to pop up after users are redirected away from Instructables, sometimes immediately after loading a page on the site, or in some reports, just from users dragging their mouse over the ad spot.  The problem appears to have only effected a very small percentage of our users, as hundreds of thousands of people visit the site each day and only a few dozen reports have come in over the last two weeks.

What to do

Don't click on any links that instruct you to install software onto your machine.  Update the definitions for your virus program and install the latest updates for your operating system.  If you should experience any of these redirects or virus screens, please read the section below about how you can help us, and post your information to this forum topic.

How you can help

If you see a pop-up warning you that you are infected, or if you are redirected away from Instructables and onto another page that triggers a virus alert, take a screen shot (command + shift + 3 in mac; print screen button in windows) close the page down, and then come to this forum topic and post as much as you can describing what you were doing before the problem happened, what happened when the virus attacked, and what you did to fix the problem.

Please include the following details with your post if possible - the following information is necessary for us to identify which ad network the virus is coming from:
  • any ads serving on the page that you remember
  • description of malware
  • the URL of the page on Instructables you were viewing
  • direct URLs of malware
  • screenshots
  • city, state and or country you are located in
  • what operating system and browser you are using
If you have Firebug installed, you can use it to inspect the problem pages and gather even more information which you can post to this topic.

Previous forum topics about this problem include "Ad-Problem",  "Virus on Instructables" and "instant start virus alter programme".  While these forum topics are still useful in identifying the problem, we need to congregate all new reports here with the bulleted information above so we can gather the necessary facts to pass along to the ad networks to start attacking this problem as aggressively as we can.

I've aggregated offline screen shots, emails, and other useful comments below that contain useful clues to get the ball rolling.

Please accept our deepest apologies for this unacceptable frustration and continue to work with us so we can completely eliminate this virus problem our ad networks.

****1/12/2010 Update****

There's reason to believe that the virus could have infected your browsers cache, and thus be re-infecting your computer from there.  As per the instructions given in the New York Times Article "What to do if you saw an antivirus pop up ad" please follow the steps below before posting any new virus reports on this forum thread so we can be sure that your computer is not repeatedly infecting itself regardless of the state of the site.

1) Close the screen
2) Clear your browsers cache (directions here)
3) Scan computer with a legitimate anti virus software
4) Run any and all updates to your operating system

If you are then still seeing warning messages and pop ups about the malware, then please do let us know so we can continue to track and fight this problem.

We've shut down all of our ad networks that aren't absolutely essential to the running of the site and are working with the last two remaining networks to troubleshoot this problem.  All data shows that the ad networks are responsible for the virus attacks that many sites have been experiencing around the web recently (this is not just a problem on Instructables ), and we've got to take the fight to them to effectively stop the attacks.

Picture of Virus Problem **Updated Topic - 1/12/2010**
Screen shot 2010-01-06 at 9.09.50 AM.jpeg
sort by: active | newest | oldest
1-10 of 87Next »
noahw (author) 7 years ago
Not that this is an excuse for the virus problem that Instructables was experiencing a few months ago, but it's nice to know that at least it wasn't just us...

Malware delivered by Yahoo, Fox, Google ads

"Malware that exploits holes in popular applications is being delivered by big ad delivery platforms including those run by Yahoo, Fox, and Google, according to Prague-based antivirus firm Avast.

Viruses and other malware were found to be lurking in ads last year on high-profile sites like The New York Times and conservative news aggregator Drudge, and this year on Drudge, TechCrunch and The practice has been dubbed "malvertising."

Now, researchers at Avast are pointing fingers at some large ad delivery platforms including Yahoo's Yield Manager and Fox Audience Network's, which together cover more than 50 percent of online ads, and to a much smaller degree Google's DoubleClick. In addition, some of the malicious ads ended up on Yahoo and Google sites, Avast claims.

"It's not just the small players but the ad servers connected with Google and Yahoo have been infected and served up bad ads," said Lyle Frink, public relations manager for Avast..."

ewilhelm7 years ago
Thanks everyone for your patience and help!  Tracking this down has been a real nightmare, and we still haven't seen the issue ourselves, which makes fighting particularly difficult. 

If you are able to consistently see it, could you install the Live HTTP Headers add-on for Firefox, set it to capture the headers while you browse Instructables, and send us the results once you see the virus warning?  All other reports are helpful, but this is the only sure way we'll be able to isolate and nail it. 
grundisimo6 years ago
It's been a while since anyone was on here but i just got attacked on this very page.
Virus proof.bmp
IT says Trojan horse blocked in the red box.
Hopefully this is a better picture.
kikazz7 years ago
wow seeing this... a computer virus is just like a real one... sometimes it can even cause panic in a mad scramble to find it and then figure out how to kill it.
 Giant guide is infected.

Ads: Restaurant City, Quaker
 The popup said

Windows wants your permission to install antivirus software. 
Allow, Don't Allow
KnexFreek7 years ago
 Please help, Im having troubles with my pro account. I am a pro member, i bought the 2 year 40$ plan in january this year. But, i get tons of ads. Advertisements on every single solitary page i click on. They are big ads that pop up and they just are not going away. The ads themselves are broken too, when i click on the "x" in the corner to close the ads, they close and immediately re-open. I have yet to log onto ibles without being bombed by ads. its ridiculous. its not like every now and then. it is every single page i click on. even right here on your profile page.  
Please help.
KnexFreek7 years ago
 if you hazz a mac then this wont happen. problem solved.
1-10 of 87Next »