Aussie site blacklisted for hosting malware

Australia's largest bargain shopping website, DealsDirect.com.au, has been blacklisted by Google and major internet browsers after it was found to be hosting malware.

The site sells a broad range of goods including kitchen items, furniture, computers, electronics, jewellery, tools, fitness equipment, alcohol, manchester, musical instruments and toys.

People visiting the site using Firefox, Google Chrome and newer versions of Internet Explorer were warned that "visiting this site may harm your computer" because it "appears to host malware".

Visitors who tried accessing the site via Google's search engine were also prevented from entering by a malware warning.

The messages were still popping up at lunch time today but DealsDirect spokeswoman Elisha Booth said the malicious code had been removed.

She explained that the third-party software that serves ads on DealsDirect had been "compromised" and was found to be serving malware.

A Google Australia spokeswoman confirmed this, saying "the website or the server that it runs on probably has a security vulnerability, most likely from some out-of-date software".

"That vulnerability has been exploited and malicious code has been added to the site," she said.

"Google has automatic scanners that are constantly looking for these sorts of web pages, and they're highly accurate. The automatic scanners make unbiased decisions based on the malicious content of the pages."

Booth said any risk to users from visiting the site had been removed and DealsDirect was working with Google to remove the block on the site.

It's not clear whether any users were infected after visiting the site.

Exploiting holes in third-party software is a popular tool used by hackers to place malicious code on trusted, popular websites.

In October last year, DealsDirect's parent company, Auction Alliance, agreed to an enforceable undertaking with the Australian Competition and Consumer Commission over concerns surrounding its warranties and returns policy.

The regulator found the policy contained misleading and false information about consumer rights.

It found consumers with faulty or damaged goods were only entitled to a remedy if they made a claim within 30 days from the date of dispatch, and no further warranty was available.

Customers were forced to pay shipping costs incurred in returning the faulty goods to DealsDirect and with some products there was no warranty at all, forcing consumers to deal directly with the supplier or manufacturer.

The company admitted its warranties and returns policy contained false and misleading information and agreed to amend it accordingly.

- © Fairfax NZ News