Malware On My Website - Where Is It Coming From?!

So I get a message today from users that they are getting warning pages from google, and then I see one for myself.

Details below:

What is the current listing status for
This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 29 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-01-03, and the last time suspicious content was found on this site was on 2010-01-02.
Malicious software is hosted on 6 domain(s), including,,

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including

This site was hosted on 2 network(s) including AS32181 (ECOMD), AS21844 (THEPLANET).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

Does anyone have any idea where this malware problem would be coming from? I use TribalFusion, ValueClickMedia, Adsdaq, RightMedia, ADBrite and Google Ad Sense.

Is it being hosted on a shared server?

There are two possible sources for malware.

  1. One of the scripts you are using contains a security hole that is being exploited to insert the malware.

  2. Your own computer is infected with a virus or similar that is allowing the malware to be added to files that you are uploading.

Shared hosting usually have security in place that prevents malware on one account being able to access other accounts so the malware getting onto your site that way is extremely unlikely compared to the main two ways.

The first step in resolving the malware issue is to work out how the malware is getting in and make the changes needed to stop it from being able to get back in. Once you have done that then you can remove the malware knowing that the removal will be permanent.

Are you running the latest versions of all the scripts you listed? If not then the old version of whichever script you haven’t kept up to date would be the most likely source.

Possibly a dodgy ad appeared on the site if you’re a member of an ad network.

I don’t notice anything presently, maybe the malware is gone, which would be a great thing since I like WWE so much

Argh its happened again:

Malicious software includes 30 trojan(s), 6 scripting exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 21 domain(s), including,,

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including,

This site was hosted on 2 network(s) including AS32181 (ECOMD), AS21844 (THEPLANET).

I use TribalFusion > ValueClickMedia > AdsDaq > Right Media Exchange.

The Right Media Exchange networks are: Bannerconnect Network, .Fox Networks (Global), Rydium, Xtend, Oridian, Morning Falls and Meta Network with STRICT Media Guard.

I also use an interstial ad from adbrite and google ad sense.

With my ad networks, the audio, popups etc. are also disabled.

Any ideas

Hey I have a dedicated server and don’t really use FTP or anything to upload files etc. myself so I doubt it is this. I also have no kind of malware on my own machine.

I use WordPress.

Grab yourself some security enhancements and [URL=“”]upload guardian

Right Media Exchange is the most suspicious for the malware ads

Thanks for the suggestions guys. I have completely removed RME.