Firstly I want to make it clear that we are taking this matter very seriously. We really don't want this happening to our users and are doing everything we can to work out ways of stopping it.
Short of our site being hacked there are two ways that malicious code can get displayed on our site.
- Ad networks distributing malicious code
- Users posting embedded content from sites that are hacked or deliberately distribute malicious code
The user embedded content issue appears less common and is easier to deal with as Google sends us instant reports if it finds any embedded code of compromised sites. We remove the content asap.
The ad networks issue poses a more complex problem.
We are trying to deal with it by working with the ad networks to identify malicious ads and passing on your reports. However, the source of malicious code can be difficult to track and even when one source is identified it does not prevent the problem from cropping up from another source.
Regarding the assertion that this is a Singletrack only problem, I'd have to disagree. A quick google will show that the exact same issues are appearing on a multitude of sites. The common factor is that all these sites use ad networks. What users may be seeing is a symptom of the bidding system that underpins ad networks.
If a user comes to our site for the first time or having not visited in the last 24 hours the will initially be shown high paying ads and our contracted bike industry ads. The more pages a user views the less valuable they become to the ad networks and the lower the bid drops. Malware distributors are not likely to pay large amounts to show their ads and they are likely to have more success hacking the networks of smaller advertisers. Therefore the more pages you view on one site, the more likely you are to see malicious code. Unfortunately, this means that our regular users are most affected.
With all of the networks that we work with, we have set a minimum price below which we will not accept ads. The exception to this is the Google Adsense network which does not allow us to set a minimum price. It is difficult to know how successful this policy is as we do not know how many malicious ads we have not displayed (if you follow my meaning).
Regarding Premier users with ads turned off seeing malicious code, there are two potential causes. It could be user generated embed content as mentioned above or it could be that their login cookie has expired and they've been logged out. I've yet to see any screenshots from a user with ads turned off experiencing malicious code issues. If It happen to you please do send details to firstname.lastname@example.org
somouk: Can you send me details of your browser and device so I can test.
We're continuing to research this problem and will implement anything we can to improve the situation. In the meantime I would recommend you install anti-virus software on your device to mitigate the problem.