Google: Lazada.com.my Malaysia is hosting Malware


Lazada Infected by Malware Warning from Google

Lazada.com.my contains malware. Your computer might catch a virus if you visit this site. Google has found malicious software may be installed on your computer if you proceed.

WOW, Lazada Malaysia apparently has been infected with some rather nasty infection. My version of Google Chrome prompted this when I tried to visit the site today. Hope everything is alright over there in Lazada headquarters.

In fact, Google is showing it in their search results as well, so it must be a rather nasty one:

 

It can get really nasty trying to disinfect a site. Good luck to the guys over at Lazada. What’s more worrying is that, if Lazada actually carried credit card and personal data, I wonder if they secured it thoroughly and whether this breach could point to something even more serious over at Lazada headquarters.

We can only wait and see.

Update 1: Digging deeper

A further check of the Google Safe Browsing diagnostic report for lazada.com.my shows no malicious software present:

Of the 793 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-08-07, and suspicious content was never found on this site within the past 90 days.

So what could be the issue? Well, according to Google and some searches I made, Lazada is hosted on Rackspace servers in Hong Kong, and Google has reported that these Rackspace servers were used to serve up malicious content to users:

Of the 1484 site(s) we tested on this network over the past 90 days, 9 site(s), including, for example, chinafpga.com/, ourebiz.net/, devicewell.cn/, served content that resulted in malicious software being downloaded and installed without user consent.

The last time Google tested a site on this network was on 2012-08-07, and the last time suspicious content was found was on 2012-08-06.

Could it be that Google is wrongly penalizing Lazada just because it shares the same servers as suspected malicious sites?

We’ll have to wait and see. This could prove very damaging for a lot of sites hosted on IaaS providers like AWS and Rackspace, especially if you can get penalized just because you’re on the same network as malicious sites.

On the flip side, Firefox users don’t see the warning, but the “This site may harm your computer” message still appears in Google searches.

Update 2: Problem resolved

OK, the problem seemed to be neither the fact that Lazada was hosted on Rackspace (sorry guys!) nor that it had a link to offerstation.com (an infected site).

I’m not entirely sure what the problem is, but it seems to be resolved now. Google has also updated its Safe Browsing diagnostic page to reflect the breach. Now a quick check on the Lazada.com.my Safe Browsing page reveals:

What is the current listing status for www.lazada.com.my?

This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 811 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-08-08, and the last time suspicious content was found on this site was on 2012-08-07.

Whatever it was, the problem looks to be resolved. I can’t help but wonder what it was…
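The two updates hinge on reading the diagnostic report at the right scope: the per-site paragraph versus the per-network paragraph. As an added example (not part of the original post, and not Google's code), the sketch below parses only the report wording quoted in this post and keeps the two scopes apart; `parse_report` and `site_verdict` are hypothetical helper names.

```python
import re

# Report text quoted in this post (network paragraph abridged at "[...]").
SITE_AUG07 = (
    "Of the 793 pages we tested on the site over the past 90 days, 0 page(s) "
    "resulted in malicious software being downloaded and installed without "
    "user consent. The last time Google visited this site was on 2012-08-07, "
    "and suspicious content was never found on this site within the past 90 days.")
NETWORK_AUG07 = (
    "Of the 1484 site(s) we tested on this network over the past 90 days, "
    "9 site(s), including, for example, [...] served content that resulted in "
    "malicious software being downloaded and installed without user consent. "
    "The last time Google tested a site on this network was on 2012-08-07, and "
    "the last time suspicious content was found was on 2012-08-06.")
SITE_AUG08 = (
    "Of the 811 pages we tested on the site over the past 90 days, 3 page(s) "
    "resulted in malicious software being downloaded and installed without "
    "user consent. The last time Google visited this site was on 2012-08-08, "
    "and the last time suspicious content was found on this site was on 2012-08-07.")

COUNTS = re.compile(
    r"Of the (\d+) (?:pages|site\(s\)) we tested on (the site|this network)"
    r".*?, (\d+) (?:page|site)\(s\)", re.S)
LAST_BAD = re.compile(
    r"last time suspicious content was found(?: on this site)? was on "
    r"(\d{4}-\d{2}-\d{2})")

def parse_report(text):
    """Extract scope, sample size, flagged count and last detection date."""
    m = COUNTS.search(text)
    if m is None:
        raise ValueError("not a recognised diagnostic paragraph")
    bad = LAST_BAD.search(text)  # absent when content was "never found"
    return {"scope": "site" if m.group(2) == "the site" else "network",
            "tested": int(m.group(1)), "flagged": int(m.group(3)),
            "last_bad": bad.group(1) if bad else None}

def site_verdict(site, network):
    """Only site-scope findings count against the site itself."""
    if site["scope"] != "site" or network["scope"] != "network":
        raise ValueError("arguments are in the wrong scope")
    if site["flagged"] > 0:
        return "site served malware"
    if network["flagged"] > 0:
        return "clean site, flagged neighbours on the network"
    return "clean"

if __name__ == "__main__":
    net = parse_report(NETWORK_AUG07)
    for label, text in (("2012-08-07", SITE_AUG07), ("2012-08-08", SITE_AUG08)):
        print(label, site_verdict(parse_report(text), net))
```

Run against the two snapshots, the site paragraph moves from 0 flagged pages to 3 between 2012-08-07 and 2012-08-08, while the network paragraph alone never says anything about the site itself.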

Would someone from Lazada help me understand what went wrong here?

To view the full Google Safe Browsing Diagnostic page for Lazada.com.my, enlarge the image below:

Google Safe Browsing diagnostic page for www.lazada.com.my

2 comments


  • Good share. I didn’t know about this “Google Safe Browsing Diagnostic page” before. As an e-commerce website owner, it is quite scary if Google bans or penalizes our website.