- The Google Chrome web browser began blocking access to parts of the site and warned users that visiting the site would “very likely” result in their computer becoming infected with malware.
- “Of the 1352 pages we tested on the site over the past 90 days, 135 page(s) resulted in malicious software being downloaded and installed without user consent,” according to the Google diagnostic page.
- A PokerNews rep stated “we’re still working on identifying what the malware does. Last night 01:00 AM GMT the malware was removed and work was started to fix parts of the system which allowed the injection.”
PokerNews.com has been identified by Google as containing malware.
The Google Chrome web browser began blocking access to parts of the site and warned users that visiting the site would “very likely” result in their computer becoming infected with malware.
A thread created Sunday on the TwoPlusTwo forums notified the community of dangerous links contained on the PokerNews.com website.
Forum member “kratos” posted a link to a Google Safe Browsing diagnostic page Sunday afternoon which indicates that although the PokerNews site is not currently listed as suspicious, it has been listed as such 15 times over the past three months.
“Of the 1352 pages we tested on the site over the past 90 days, 135 page(s) resulted in malicious software being downloaded and installed without user consent,” according to the diagnostic page.
“The last time Google visited this site was on 2014-06-01, and the last time suspicious content was found on this site was on 2014-06-01.”
According to Google, the malicious software detected includes 43 exploit(s) and 4 trojan(s). “Successful infection resulted in an average of 4 new process(es) on the target machine.”
PokerNews Response
On Monday at 7:00am Eastern Standard Time, PokerNews CTO Justinas Becius addressed the community’s concerns regarding the bad links.
“On Saturday one user started posting comments which at the time looked like comments with embedded pictures. Our security software failed to flag them as suspicious because they were not distributing malware or redirecting to domains that do,” said Becius.
“Yesterday content of those comments started distributing malware, we’re still working on identifying what the malware does. Last night 01:00 AM GMT the malware was removed and work was started to fix parts of the system which allowed the injection. You may still see warnings because it takes some time for URL to be removed from blacklists.”
Becius assured forum members that security is a top priority for the website and apologized for any inconvenience.
To prevent future security issues on the site, Becius posted that “we’re tightening permissions for new accounts, introducing additional restrictions for users who often change locations and adding additional checks for content that is posted on the site.”
Spyware & Malware Removal
The TwoPlusTwo thread contains two links (provided by “afgarb187”) that are helpful in removing spyware and malware from an infected computer: Malwarebytes and Spybot.
The poster also included links to YouTube tutorial videos on how to download and install the software in order to scan for and remove corrupted files from an infected PC.