|
Update...
Here's what I think is happening, and why we're having difficulty solving the problem thus far.
I believe the offending javascript containing the redirect to the windows-defense website (which causes the popup alert) is included with the js code being sent to dynamically display ads.
Our non-Google ad provider acts as a "distributor" for javascript ad code from trusted 3rd parties. They've received a few other reports of this redirect problem from other partner sites, but haven't been able to identify a source. So we can't track down which party might have been compromised.
The biggest problem is the random & very infrequent nature of the redirect. I've only seen it 2x myself after probably thousands of pageviews. (I think it's likely programmed to be random.) On top of random ad rotation from randomly selected 3rd parties, you can see how vanishingly small the redirect occurs for an individual user, relative to the number of EM pages viewed.
In addition, on my machine, I saw windows-defense.com set a cookie when I experienced the redirect. It could potentially be using the cookie to determine whether or not the redirect occurs (I deleted mine).
We like the ads (they help pay bills!). We want to keep our ad provider. But we need to sort this out. Obviously it's not acceptable to just ignore it. At best it's an irritation to EM users (myself included); at worst, someone might be tricked into installing the malware Antivirus 2009 program.
A potential solution for us would be to actually capture/log the offending javascript. It may contain identifying information that might point to a 3rd party advertiser that has been compromised.
I'll admit I don't know how to do that.
Can anybody suggest how?
|