Threat Name: MSIE Vector Markup Language Fill Method BO

**panhead** · May 20th, 2009, 07:12 AM

According to Norton Safeweb my site is infected with this treat on several pages:

Threat Name: MSIE Vector Markup Language Fill Method BO

Apparently Internet Explorer is vulnerable for this. What is it and what can I do about it?

**Niclo Iste** · May 20th, 2009, 08:40 AM

Did a quick search for info and Nortons website had this page about it. From first glance looks like a simple thing to fix.
http://www.symantec.com/business/sec...jsp?asid=50030

**panhead** · May 20th, 2009, 12:19 PM

From first glance looks like a simple thing to fix.

I see how to solve if you use IE, but I don't see how to solve the cause of this.

**Platypus** · May 20th, 2009, 09:30 PM

Do you get any warning of this from your Antivirus if you access the website yourself?

Do you maintain the site yourself?

My first thought would be compare the live site with your version, and see if there exists any discrepancy, presumably some added javascript, although it says it can also be done without using javascript. Assuming something that shouldn't be there is there, ie it's not a false positive, modify anything you find that shouldn't be there, see if it makes the problem go away. If it comes back, it would seem to me that either the server side is compromised, or the computer you FTP from. If it cures it for a while then happens again, it could also indicate a problem with the host's security, or your access password somehow having become known to another party.

Is it a commercial site? I have known of one situation where it appeared a commercial site had a buffer overflow exploit planted on it so potential customers would be scared away, and the site would get a bad reputation rating. The exploit didn't have to do anything, just its code being there was enough.

**NooNoo** · May 21st, 2009, 02:46 AM

Who is the webhost? Are they known for not helping you with threats like this... several are.

**panhead** · May 21st, 2009, 03:54 AM

Thank you for the answers.
I downloaded all files and checked locally (with malwarebytes, spyterminator and avast), no problems found. My provider (helderhosting.nl, linux based) is helpful, checked the server side and found no problems. The phpBB team checked the phpBB files and database and found no problems.
I get not warnings (I use Firefox) myself. The site (hydra-glide.com) is not commercial and I maintain it myself.
I checked my home computer, no problems.
So I really do not know where to lok for. There are some members who complain they get the warning if they visit my site. Probably only Internet Explorer users, but even then there must be a reason.

**NooNoo** · May 21st, 2009, 04:16 AM

Some members? OK ask them what antivirus they are using and which pages they get the message on and exactly what the message is. I don't get any warnings with IE8.

I'm thinking they have an antivirus or malware which is giving false positives.

**panhead** · May 21st, 2009, 05:07 AM

OK, I will ask.

**NooNoo** · May 21st, 2009, 06:35 AM

Is it just people using IE6?

**panhead** · May 21st, 2009, 07:12 AM

No, also IE7.

**Platypus** · May 21st, 2009, 07:58 AM

None of the locations flagged by Safeweb cause any alerts for me using my laptop, with FF3, IE6 & Avast.

**NooNoo** · May 21st, 2009, 08:47 AM

safeweb finds 11 threats on different pages for me... IE8 as well as FF3.. here

I wonder having read this whether safeweb needs to re-evaluate the site?

**panhead** · May 21st, 2009, 09:47 AM

I asked for a re-evaluation teh day before yesterday and then they found two warnings. Now 11. Wonders what it's worth. Google safe browsing finds nothing. No complaints from members today, so it really is puzzling me.

**NooNoo** · May 21st, 2009, 05:05 PM

I think you should get safeweb to provide you with exactly what is causing the warnings on safeweb. Explain politely that no one can find what is wrong with the code.