The Danger of Remote Widgets – Sold and Now Distributing Malware

Do you like to add all types of “widgets” and cool badges to your site? Be careful which ones you choose, or your site may get compromised. Be especially careful if the widget vendor sells the technology and doesn’t inform its users. Why, you may ask?

Recently, a popular widget site (feedcat) was sold on Flippa. Out of nowhere, sites that had its code embedded started getting redirected to random sites, showing annoying pop-up ads, and distributing malware.

This little piece of code was doing it:

<script src=";bmode=b83x16&amp;ilng=en&amp;section=”..

So, if you’re one of the 300k sites using feedcat, remove it now. If you are seeing weird pop ups or ads on your site, check to make sure you don’t have it installed.
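
One way to run that check over your own pages, as an added example (not code from the original post or from Sucuri): it lists every script loaded from a host other than your own, marks hosts containing "feedcat", and reports whether the tag carries a Subresource Integrity hash. The function name, the sample page and its hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class ScriptCollector(HTMLParser):
    """Collect the src and integrity attributes of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"].strip(), a.get("integrity")))

def remote_scripts(html, page_url, watchlist=("feedcat",)):
    """Return one record per script served from a host other than the page's own."""
    own_host = urlparse(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        # urljoin resolves relative paths and protocol-relative //host/ URLs
        host = urlparse(urljoin(page_url, src)).hostname
        if host is None or host == own_host:
            continue
        findings.append({
            "host": host,
            "src": src,
            "pinned": integrity is not None,  # SRI hash present on the tag?
            "watchlisted": any(w in host for w in watchlist),
        })
    return findings

# Constructed sample page: hostnames and paths are placeholders, only the
# bmode/ilng query parameters are taken from the snippet quoted in the post.
SAMPLE = """
<html><head>
<script src="/js/site.js"></script>
<script src="//cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
</head><body>
<script src="http://stats.feedcat.example/button/1?bmode=b83x16&amp;ilng=en"></script>
</body></html>
"""

if __name__ == "__main__":
    for finding in remote_scripts(SAMPLE, "https://www.example.org/"):
        print(finding)
```

Any remote script without a pinned hash runs whatever its host serves at load time, so the unpinned entries are the ones to review whenever a vendor changes hands.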

If your site is currently redirecting to an Amazon site and getting stuck there, you probably have the feedcat code on your site.

You can use our free scanner to see if your site has it:

Let us know if you have any questions.


Other people are complaining about it too.

About David Dede

David Dede is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

  • Feedcat

    Starting 20.07.2011 turned the free service into an ad sponsored one.

    A newsletter has been sent to all publishers informing about these changes.

    Please see Terms of Service, point 8:

    “By using and placing the button code on your website, you grant the right to serve ads (popup ads, interstitial ads, exit ads) on your website. will serve no more than one ad per unique IP every 14 days.”

    • Guest

      are you f#$^ing kidding me?  how ridiculous!  will definitely remove this widget now

    • Guest

      you know, you’ve really cost me thousands in losses just in one month with your damn ads and surveys that were being shot at my clients.  what your service did was hijack my website and basically send any NEW visitor to your ad sites and surveys.  you even drop a cookie so that the redirect doesn’t affect returning visitors (but damage has already been done and i’m sure no one would come back after having that first experience).   You guys suck!

    • UsedCarpetCleaning

      LOL Feedcat = deadCat.  Take your crappy spammy services elsewhere, Mr. I’ve Owned FeedCat for one month and have scared away all the customers.”  There was no newsletter, no warning, no nothing. 

  • Limousine Services WorldWide

    Like I said in a different post on a different forum, I’ve detected the hijack 2 weeks into it after losing a great amount of clients/customers and the numbers in my analytics and server logs were not making sense (great traffic but less than 5 seconds on the site and a high bounce rate!).

    Either way, I contacted feedcat’s tech support, in which one of their developers had assured me that the issue has been resolved.  Is anyone still experiencing any issues related to feedcat?  If so, please DO TELL!


    In behalf of I want to say we are sorry for the incident this may have caused. 

    You can rest assured such behavior won’t happen in the future and the popup ads have been removed.


  • stanchfi

    Thanks, I’ve been trying to find the root of the unwanted pop-ups for months!!! 
