In the Blog
Malware warnings on the Shameless site
Update: Google’s given our site a clean bill of health, so you should no longer be getting any angry red warnings. Again, apologies for any trouble we may have caused you.
Earlier today, Google reported that the Shameless website was serving malware to our users. As a result, the StopBadware database has flagged the site as a potential attack vector, meaning Firefox and Google throw up angry warning messages before you’re allowed to visit the site.
Chances are very few people are reading this message right now, as the danger messages are still up. Yes, Shameless was indeed serving malware; the OpenX software we use to serve ads on the site (namely the banner at the top of the page and the small ads in the sidebar) had a remote vulnerability that could be exploited to inject arbitrary code. In normal-speak, this means hackers could exploit a security hole in the OpenX software to serve malware through our site.
We’ve taken down the ads for the time being, so the site should no longer be trying to infect your poor computer with bad juju. I sincerely hope no one suffered lasting effects from the attack, but if something on the Shameless site asked you to install any software and you said yes, then you will need to clean your computer. Spybot Search & Destroy and Lavasoft Ad-Aware are two widely used tools to get rid of malware; virus scanners such as Avast and Microsoft Security Essentials may also be useful.
My sincere apologies to anyone who was affected by our brief flirtation with malware distribution. Hopefully it will be the last time we have to deal with a problem like this.