Koby Menachemi's  Instablog

UPDATE 3:15PM EDT: We're quite confident we've located the ad that is the source of the malware. We don't anticipate any further problems, but please alert us immediately at support@seekingalpha.com if you see anything suspicious. Thank you for your patience, and for helping us locate this problem.

About 10 days ago, we received a few alerts from Seeking Alpha users expressing concern about a pop-up box they experienced on SA, alerting them to "harmful and malicious software" on their computers. We immediately asked security experts we work with to investigate the source of the popup and to assess the potential danger to our users. It became clear that this is a type of "scareware" that is essentially a false alarm designed to entice users to click on it, download an unwanted program that produces more false alarms, and eventually purchase anti-virus software. A similar (if not identical) piece of scareware is described by McAfee as "low risk" for both home and corporate users, but as we take the security of our site and our users extremely seriously, we immediately began investigating its source.

Our initial search of our servers, databases and network showed no sign of hacking or malicious code. This led us to believe, as we continue to believe, that the source is outside our server base and connected to the ads we display.

After receiving additional alerts from our users, therefore, last Wednesday (8/19) we removed all Google AdSense ads, as AdSense has less direct oversight than other ads we serve. When the alerts continued, we today decided to take the more radical step of removing all ads from our site. We're closely monitoring the site and user feedback to see if we can zero in on the source and remove it as quickly as possible.

If you experience this malicious popup, please email us at support@seekingalpha.com with, ideally, a screenshot of the page from which the popup emerged.

As we progress on diagnosing the source of the scareware, I'll update this blog.