Google says no malware was detected on AD, and that it will take some time to remove the malware warning some of you guys were getting when visiting the site.
Thanks for your patience, guys.
Technically, this guy is only mostly right. The malware wasn't ON the AD web site. It came
through AD. Google doesn't put malware on the site. The people who actually own the site (the hosting service), and/or the people who administer the site can unknowingly allow malware, or place malware on the web site.
You really need to know what you are doing to prevent this, and if the hosting service that the web site owner(s) use, or the owner(s)/admins aren't doing what they need to prevent it, then you WILL have malware. Maybe not on the web site itself, but most certainly coming through it. AD was relaying malware, and it will again if the admins and/or hosting service do not (or won't) take the necessary measures to prevent it.
This is difficult because it can mean giving up (or substantially curtailing) ad revenue. It can also mean increasing costs by disallowing any and all 3rd party content and/or embedded redirects.
Really.. the only way to prevent malware on a web site 100% is:
1. Host everything yourself on your own server (no 3rd party anything). This can be expensive just in terms of storage costs, but it also involves filtering and scanning all uploaded content and securing the code that brokers the process of uploading content (links, images, etc. from users).
2. Run NO ads that you do not manually create or filter yourself.
3. Apply a plethora of security best practices from the web server code itself, to all of the web content, scripting, and data handling. This is in addition to actively filtering cross-coupled services (e.g. smtp/ftp/http) at or near the OS level, etc.
I could go on and on, but for the users: It's not you. It's the Internet. Your A/V software, and your browser - if you happen to have one that automatically references blacklists like Google's reputation service - are working correctly.
Good luck!
