Gawker’s Cityfile Is Infected

cityfile07272010a.png
Journalists looking to brush up on biographic information on New York’s media and other elites should exercise caution. According to Google’s “safe browsing” diagnostic software, Gawker’s Cityfile site has been listed for “suspicious activity” that has resulted in malicious software being downloaded without user consent.

Says Google:

Of the 286 pages we tested on the site over the past 90 days, 186 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-07-27, and the last time suspicious content was found on this site was on 2010-07-27.

Malicious software includes 8 exploit(s), 5 scripting exploit(s), 5 trojan(s). Successful infection resulted in an average of 2 new process(es) on the target machine.

Google says that Cityfile is neither a host or an intermediary for distributing malware. However, “In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.”

From Google’s further reading on hacked sites:

If your site has been infected, it is generally because some vulnerability has allowed a hacker to take control of your site. The hacker may change the content of the site (for example, to add spam), or add additional pages to the site, usually with the intent of phishing (tricking users into parting with personal and credit card information). Alternatively, they may inject malicious code (malware) — for example, scripts or iFrames that pull content from another website that tries to attack any computer that views the page.

Last week, Gawker got in a fight with contributors to the 4chan message board following Gawker’s coverage of 4chan’s harassment of an 11-year-old girl. The 4chan attack included efforts to harass Gawker writer Adrian Chen and resulted in brief disruptions of Gawker sites. No word yet on whether there’s a connection between the 4chan attack and Gawker’s current Cityfile troubles.

We’ve reached out to Gawker for an explanation of the problem and will update when we hear back.

Update: Gawker editor in chief and former editor and publisher of Cityfile (before Gawker bought it in February) Remy Stern says, “Yes, it seems Cityfile.com was hacked recently. We’re not sure if it’s connected to the recent efforts to hack Gawker (http://gawker.com/5592050/4chan-hackers-attack-gawker-again), but our tech team is looking into fixing the problem and removing the malware.”