Often when this happens with a large site, it's because of an malware-laden ad. Typically with a smaller site, it's because the site was somehow hacked or didn't stay fully up-to-date on security patches.
Added: Looks like it was an actual hack, not just a bad ad. The Wired folks will want to make sure there's no more iframes from hxxp://zlu bob.org. Folks can use our free Fetch as Google tool to see what we see when we try to fetch a page. You can find out more about the Fetch as Google tool here: https://support.google.com/webmasters/answer/158587?hl=en
If they leave their WordPress un-patched, or have a crappy plugin installed with security holes, or their FTP info is guessed, etc, hackers drop some malicious Javascript on their sites, and the next thing you know, their site cannot be accessed in Chrome, and usually Firefox as well. Depending on what services pick-up on the bad javascript.
For me, it usually takes a day(ish) from the time we are notified of the issue, update the sites, remove the malware, install webmaster tools from Google, submit and wait for the review to be unblocked.
On one hand, this is very frustrating, but on the other hand, many small businesses would have no idea their site had been hacked without it being blocked.
The only thing I'd like to see personally is if Google were somehow able to notify the domain registrant of the block via email so they find out right away, and not after a few weeks (or longer) in some cases. Some small business owners don't check their sites very often. We like to monitor our client sites, but sometimes new clients come to us with these problems and have no idea how long they've been down.
The main page is not blocked but anything I click on is blocked.
Here is the Why page:
Safe Browsing
Diagnostic page for wired.com/2014/04
What is the current listing status for wired.com/2014/04?
Site is listed as suspicious - visiting this web site may harm your computer.
What happened when Google visited this site?
Of the 135 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-04-05, and suspicious content was never found on this site within the past 90 days.
This site was hosted on 12 network(s) including AS31377 (AKAMAI-BOS), AS701 (UUNET), AS12989 (HWNG).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, wired.com/2014/04 did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
funny it says "Of the 20 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-03-25, and suspicious content was never found on this site within the past 90 days."
does zero count to be blocked?
-------
The website at www.wired.com contains elements from sites which appear to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
Below is a list of all the unsafe elements for the page. Click on the Diagnostic link for more information on the thread for a specific element.
The wired homepage itself is fine for me, but Firefox 28.0 is blocking both of those images in your post along with any links I try to click from the Wired homepage.
Security company found a vulnerable Alexa Top 50 site where someone was able to inject XSS code in the comments section creating "DDoS Zombies" of the visitors.
I just tried to go there using Chrome on Ubuntu and I got a malware warning: "Content from www.wired.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware."
Exploiting programming errors in the browser is one way.
Because browsers are written in very unsafe programming languages (C++), bugs are regularly exploitable so that by specially crafting the bug-triggering input data they can be fooled to scribble content-controlled data inside the browser's memory space. For example, a memory handling bug might let the page overwrite some of the browser's code with data coming from the web page.
This lets the web page break into your computer, running arbitrary code of its choosing on your box.
Browser plugins can be similarly targeted instead of the browser itself.
having hacked websites serve infected or specially crafted files that exploit 0 day bugs is a very common vector actually. like 0 day PDF reader bugs - they spread by being linked to in phishing emails for example. people click on them and boom they load a bad PDF and are drive by infected.
specially crafted jpgs and gifs have also been used to exploit overflows in image handling code.
[+] [-] Matt_Cutts|12 years ago|reply
Added: Looks like it was an actual hack, not just a bad ad. The Wired folks will want to make sure there's no more iframes from hxxp://zlu bob.org. Folks can use our free Fetch as Google tool to see what we see when we try to fetch a page. You can find out more about the Fetch as Google tool here: https://support.google.com/webmasters/answer/158587?hl=en
[+] [-] dpcan|12 years ago|reply
If they leave their WordPress un-patched, or have a crappy plugin installed with security holes, or their FTP info is guessed, etc, hackers drop some malicious Javascript on their sites, and the next thing you know, their site cannot be accessed in Chrome, and usually Firefox as well. Depending on what services pick-up on the bad javascript.
For me, it usually takes a day(ish) from the time we are notified of the issue, update the sites, remove the malware, install webmaster tools from Google, submit and wait for the review to be unblocked.
On one hand, this is very frustrating, but on the other hand, many small businesses would have no idea their site had been hacked without it being blocked.
The only thing I'd like to see personally is if Google were somehow able to notify the domain registrant of the block via email so they find out right away, and not after a few weeks (or longer) in some cases. Some small business owners don't check their sites very often. We like to monitor our client sites, but sometimes new clients come to us with these problems and have no idea how long they've been down.
[+] [-] dannyr|12 years ago|reply
I get notified via email when Google finds any issues on my site.
[+] [-] jimhefferon|12 years ago|reply
The main page is not blocked but anything I click on is blocked.
Here is the Why page:
Safe Browsing Diagnostic page for wired.com/2014/04
What is the current listing status for wired.com/2014/04?
What happened when Google visited this site? Has this site acted as an intermediary resulting in further distribution of malware? Has this site hosted malware? How did this happen? Next steps:[+] [-] mef|12 years ago|reply
Screenshot: http://cl.ly/image/1m3g3L2v3w3C
[+] [-] tijs|12 years ago|reply
"WIRED: @Freakonomicss @hoffin205 Yeah, we had a technical issue this morning, but our tech team fixed. Waiting for @googlechrome to clear us"
https://twitter.com/wired/status/452490353283588096
[+] [-] lukeschlather|12 years ago|reply
The page essentially says "We believe this page is suspicious, and we have no evidence to back up that claim."
EDIT: They must have updated it/ busted a cache. The page is now reporting some evidence.
[+] [-] th3iedkid|12 years ago|reply
[+] [-] fragmede|12 years ago|reply
[+] [-] marcusr|12 years ago|reply
[+] [-] psykovsky|12 years ago|reply
[+] [-] higherpurpose|12 years ago|reply
[+] [-] bunni|12 years ago|reply
[+] [-] jw2013|12 years ago|reply
------- The website at www.wired.com contains elements from sites which appear to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
Below is a list of all the unsafe elements for the page. Click on the Diagnostic link for more information on the thread for a specific element.
Malware http://www.wired.com/playbook/wp-content/uploads/2013/07/soc... Safe Browsing diagnostic page
Malware http://www.wired.com/playbook/wp-content/uploads/2013/06/bik... Safe Browsing diagnostic page -------
I wonder what's wrong with these two pictures?
[+] [-] JohnTHaller|12 years ago|reply
[+] [-] Stormcaller|12 years ago|reply
[+] [-] jcrites|12 years ago|reply
The safe browsing diagnostic page shows no negative current or previous reports for wired.com despite describing it as suspicious:
http://safebrowsing.clients.google.com/safebrowsing/diagnost...
> What is the current listing status for www.wired.com? This site is not currently listed as suspicious.
> Has this site hosted malware? No, this site has not hosted malicious software over the past 90 days.
[+] [-] aslewofmice|12 years ago|reply
http://www.incapsula.com/blog/world-largest-site-xss-ddos-zo...
Security company found a vulnerable Alexa Top 50 site where someone was able to inject XSS code in the comments section creating "DDoS Zombies" of the visitors.
[+] [-] btian|12 years ago|reply
[+] [-] danielweber|12 years ago|reply
[+] [-] leephillips|12 years ago|reply
[+] [-] podperson|12 years ago|reply
[+] [-] JohnTHaller|12 years ago|reply
[+] [-] bingofuel|12 years ago|reply
[+] [-] tensenki|12 years ago|reply
[+] [-] ghaff|12 years ago|reply
[+] [-] kanche|12 years ago|reply
Blocked in Chrome Version 33.0.1750.154 m
Not blocked in ie11, Firefox 20
In my Mobile (HTC One M7 4.4.2):
Neither blocked in Chrome(33.1) nor in the stock browser
Doesn't Android Chrome support malware detection?
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] sgy|12 years ago|reply
[+] [-] AzAngel|12 years ago|reply
[+] [-] Jamie452|12 years ago|reply
Is this typically through Java Applets/other plugins?
[+] [-] zurn|12 years ago|reply
Because browsers are written in very unsafe programming languages (C++), bugs are regularly exploitable so that by specially crafting the bug-triggering input data they can be fooled to scribble content-controlled data inside the browser's memory space. For example, a memory handling bug might let the page overwrite some of the browser's code with data coming from the web page.
This lets the web page break into your computer, running arbitrary code of its choosing on your box.
Browser plugins can be similarly targeted instead of the browser itself.
[+] [-] barkingcat|12 years ago|reply
specially crafted jpgs and gifs have also been used to exploit overflows in image handling code.
[+] [-] yaur|12 years ago|reply
[+] [-] emeraldd|12 years ago|reply
There are in number of ways for nasty things to happen just by visiting a page.