sharebuttons by addthis virusComputers and tech 

Sharebuttons by Addthis: is it really a trojan?

Sharebuttons by Addthis is a WordPress plugin that lets you put those little floating share icons on your webpages. It’s incredibly easy to use and looks great, which is why many sites running WordPress have activated this plugin.

UPDATE: Addthis has confirmed that indeed, it’s a false alarm and a mistake on ESET’s part. Please update your virus definitions if you have ESET’s antivirus and the problem should be fixed. See this link for updated information.

But last week, something happened to Sharebuttons, which is not good and everyone should take into consideration.

Sharebuttons by Addthis, when it runs, calls up one of Addthis’ websites: s7.addthis.com. According to Addthis support, this call to the website is done in order to sync data with the servers. Strangely enough, the call to the website is made regardless of whether or not the user decides to share information with Addthis, via an account on their service.

Several users had complained to Addthis (for example I found this message on the WordPress plugin’s support forum), and well, Addthis didn’t do much.

Well, last week it all seems to have backfired, because ESET Antivirus did an update, and now it doesn’t like what Sharebuttons is doing. That call to “s7.addthis.com” and the addthis_widget.js file, is now classified by ESET Antivirus as a threat, and you get a Trojan warning whenever the WordPress plugin runs on a website:

sharebuttons by addthis virus s7.addthis.com
Got this virus warning on the Krion website. Krion is a really big kitchen countertop manufacturer. Uh oh.

I’ve been getting this warning all over the internet, on several very big commercial websites that run WordPress and, not surprisingly, also run Sharebuttons by Addthis. According to ESET, the plugin is trying to download the “TrojanDownloader.Pegel.BH” virus to your computer. The antivirus throws the warning and stops the connection.

Is Sharebuttons by Addthis a virus?

Given that ESET is a very trusted and reliable antivirus lab, it’s best to pay attention to this warning.

Years ago, Sharebuttons by Addthis had a similar problem and started generating the same trojan warnings. Turns out it was a false positive, there really was no trojan involved, and Addthis patched the plugin to make it behave. But…

Don’t just ignore the warning, take action now!

Regardless of what might be wrong in this case, and whether or not it’s a false alarm, you should take action on your websites immediately! If you value your users and traffic, deactivate Sharebuttons by Addthis right now. Don’t just “ride it out” and see what happens, because what happens might not be good at all.

The first reaction a user has when they get a virus warning from a website, is to run. They don’t ask what’s wrong, they don’t look to see if it’s a false alarm, and they most certainly won’t ask you anything. They’ll leave your website and never come back.

What’s worse, if several users try to access your website and trip a virus alert, their office firewall may very well block you. And if that firewall is connected to a security network, you may end up blacklisted on antivirus websites… all thanks to a little misbehaving plugin.

And don’t forget, the Google police are never too far behind when it comes to malicious websites: they shoot first and ask questions later. Something this serious, if it catches the attention of Google, is bound to get your websites penalized and classified as “infected”.

And that pretty much means your website goes to hell. If you make the Google infected sites list, kiss your traffic goodbye.

Addthis, fix it now!

It really is a shame to see something like this happen. The Sharebuttons plugin is wonderful and looks great on a website. But that darn call to “s7.addthis.com” just messed it up for everyone. Whether or not there’s a real virus in there, personally I’m not taking any chances… I’m pulling Sharebuttons by Addthis off my websites until a solution is reached. And I suggest everyone else do the same.

Related posts