Saturday, April 14, 2007

Viruses, and the League Against B4L - 3 comments

As some of you have noticed, this site has gone through patches this year where page-loading has ranged from slow to impossible. Essentially this has been a result of being hit by vast numbers of requests from a very large number of other computers, tying up resources on our server. What these computers are, and why they've been doing what they've been doing has been a mystery, but the geographical distribution suggests that these machines are infected with some kind of virus, if not completely under the control of ne'er-do-wells. We know that millions of unfortunate computers are in this position, the question is: why are they attacking us?

More alarmingly, though I was rather flippant about this report, I've had another person contact me to say that accessing (certain?) URLs in their browser (randomly?) opens Bloggers4Labour instead, in a browser frame, so that the original URL is still visible in the address bar. What I haven't been able to find out, yet, is if this is the work of a specific virus or script - deliberately targeting us to waste bandwidth, annoy the PC's (Windows being the one constant in all virus reports) owner, and tarnish this site's reputation - or if it's a wide-ranging problem and the malware chooses a site from a list when installing itself on a particular PC.

Nobody's yet been able to tell me how the malware installs itself, except that it - extraordinarily - seems to affect Internet Explorer 7 and Firefox 2, and the 99.x% of the population who have never visited Bloggers4Labour before (so don't use that as an excuse to stop reading!) My correspondent tells me that even a good suite of commercial anti-virus tools has failed to identify the malware concerned, but whatever it is made a "system restore" impossible. They're going to try reinstalling Windows next. All incredibly annoying.

If anyone out there has come across a similar kind of problem, can suggest what the malware might be, or indeed a fix, please let me know - thanks.

I'm not normally conspiratorial, but B4L has had a pretty rough time of late, and it's hard to believe we haven't been singled-out for special treatment somehow...

Update (15/04): I've just been tipped-off with a solution to the "virus" issue. The theory is that some virus/script/malware has, at some point, changed the proxy settings of the victim's browser, or browsers affected, to use B4L's IP address (88.208.207.99) for the HTTP proxy, and port 80.

Why us, I still can't say, but I've checked what happens if those values are used and, sure enough, visiting the BBC News site will show a B4L page, albeit a slightly mangled one. This seems to fit both test cases exactly. It's all very clever, but at the same time, pretty stupid, if you see what I mean.

So, if you're affected, go to Internet Options... in IE, or the Settings... button in the Connection section of the Network tab in Firefox's Preferences, and either clear your "HTTP Proxy", or reset it to your ISP's default. Drop me a line if you need a hand.

Update 2 (16/04): This issue is also mentioned here. Unfortunately, a snooty administrator has deleted my advisory comments, which is a bit embarrassing, but I guess wasting people's time and sending them down blind alleys is still safer - from an IT security point of view - than trusting a stranger with a suspiciously simple suggestion, who joined the forum that day. Hrmph, though.
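The check described in the 15/04 update can be scripted; the following is an added example, not part of the original post. It reads the manual HTTP proxy from the text of a Firefox prefs.js file and from the Windows "Internet Settings" registry values ProxyEnable and ProxyServer used by IE, and flags any proxy that is not on an expected list. The sample prefs text, the function names and the allowed ISP proxy are constructed for illustration.

```python
import re

# Firefox stores each setting as one user_pref("name", value); line in prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\("(network\.proxy\.[^"]+)",\s*(.+?)\);\s*$', re.M)

def firefox_proxy(prefs_text):
    """Return (host, port) of the manual HTTP proxy set in prefs.js, or None."""
    prefs = {}
    for name, raw in PREF_RE.findall(prefs_text):
        prefs[name] = raw.strip('"')
    # network.proxy.type 1 means "manual proxy configuration"; other values
    # (no proxy, PAC URL, auto-detect) do not use network.proxy.http.
    if prefs.get("network.proxy.type") != "1":
        return None
    host = prefs.get("network.proxy.http", "")
    if not host:
        return None
    return host, int(prefs.get("network.proxy.http_port", "0"))

def ie_http_proxy(proxy_enable, proxy_server):
    """Return (host, port) from the ProxyEnable/ProxyServer values, or None."""
    if not proxy_enable or not proxy_server:
        return None
    # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
    for entry in proxy_server.split(";"):
        scheme, _, addr = entry.rpartition("=")
        if scheme in ("", "http"):
            host, _, port = addr.partition(":")
            return host, int(port or 80)
    return None

def unexpected_proxy(found, allowed):
    """True when a proxy is configured and it is not one the owner expects."""
    return found is not None and found not in allowed

# Constructed sample data reproducing the settings described in the post.
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "http://news.bbc.co.uk/");
user_pref("network.proxy.http", "88.208.207.99");
user_pref("network.proxy.http_port", 80);
user_pref("network.proxy.type", 1);
'''
ALLOWED = {("proxy.isp.example", 8080)}  # hypothetical ISP proxy

if __name__ == "__main__":
    for label, found in (("Firefox", firefox_proxy(SAMPLE_PREFS)),
                         ("IE", ie_http_proxy(1, "88.208.207.99:80"))):
        print(label, found, "UNEXPECTED" if unexpected_proxy(found, ALLOWED) else "ok")
```

On a real machine the inputs would be the contents of the profile's prefs.js and the two registry values read from HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.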


3 comments so far...

At 4:54 AM, April 15, 2007, Blogger My Reality said...

Thank you,
For the last few days whenever I opened IE I got your page. I tried different anti virus/spyware programs but nothing worked. Finally, I fixed it by changing the proxy as was written here.

   
At 5:51 PM, April 15, 2007, Blogger Skuds said...

Thinking about how IE7 and Firefox can both be affected - do they just use Windows' general Internet connection settings?

All very worrying, but a very strange payload indeed.

   
At 1:47 AM, April 16, 2007, Blogger Bloggers4Labour said...

If you've got the logic to find one prefs file I guess it's not much more trouble to find others, and Firefox/Mozilla ones aren't too hard to find. I've just discovered that my FF prefs file is basically clear text, so it could be edited easily (assuming the app wasn't open - perhaps at startup), and there's no sign FF checks for "tampering".

   
