Clicky

badge

Saturday, May 16, 2015

Sitemeter Malware vindicosuite redirect issue

I noticed a peculiar behavior in my blog last week. Whenever I click on the link- any link, it would appear as below- some unwanted URL, beginning with x.vindicosuite.com would appear first and after a few seconds intended link will load.
At first I didn't know the cause of this, but thanks to google, realized that this issue is caused by our trusted traffic tracking utility, sitemeter.

So I disabled sitemeter tracking code and above behavior stopped.

I waited for a week hoping sitemeter will fix the issue- but no luck.
I copied latest tracking code from sitemeter website- still the behavior continues.

This malicious behavior is hard to notice unless you pay attention. Doesn't look that harmful other that gaining some ad revenue for sitemeter before taking your visitors where they wanted to go. But your blog visitors who notice this might feel this is a virus and get scared (and stop clicking anything on your blog/site), which isn't good for you.

I also read that this behavior is a bit random and may not happen all the time to all users of sitemeter. I randomly checked few other blogs where sitemeter icon was displayed-by and large they appeared to be working fine.

May be sitemeter is trying to extract its pound of flesh from users who are not bothering to upgrade even after using the free utility for several years. But this kind of undisclosed, unsolicited, secret way of monetization is not acceptable. So I have removed the sitemeter code for now. Google Analytics it will be.

If your blog or site is using sitemeter- do keep an eye for appearance of x.vindicosuite.com when you click on any link. Check at different times to be sure. If you face the same issue like I faced, solution will be to disable the sitemeter tracking code.

Have you experienced this? Any solution/workaround?

There is a complicated process to raise the issue with sitemeter, but as I understand they are not responding to questions on this. Large scale de-activation might be the only thing that can get their attention and force corrective action.

Update: Noticed similar behavior in Feedblitz RSS feed service as well. Trying to investigate more

8 comments :

Arun said...

I found the issue in my site as well about two months ago. Removed sitemeter as soon as I discovered it..

Shrinidhi Hande said...

Thanks for the comment Arun

Prasad Np aka desi Traveler said...

Could also be a local issue.. better scan ur machine too...

Shrinidhi Hande said...

@Prasad

No.. it is very clear the behavior is purely because of site meter tracking code... Multiple users have confirmed it...

it is not a virus, just some advertising trick by sitemeter

Anonymous said...

I just discovered the same behavior on my website and have now removed Site Meter. Too bad as I really liked the product due to it's simplicity.

Shrinidhi Hande said...

Agree.

Looks like even Feedblitz has started trying similar means

Anonymous said...

thanks for you insight.
I notice that google has apparently already gone ahead and disabled the sitemeter code on 2/3 blogs hosted on blogspot.com

Shrinidhi Hande said...

Ok