Friday, November 21, 2008

Return of Draculin

It's not the first time I have had to deal with spammers, hackers and all sorts of "social engineering" ... even from ACC!

A long time ago one of my own students deliberately sent me several viruses from a disguised e-mail. Our SpecialKiwis websites have been attacked by spammers and spam-bots before, but this time was a nasty one! They hacked into a system file, causing all visitors coming from a search engine like Google, Yahoo, Live, etc... to be redirected to a malware site. That's very bad, considering that most of our visitors are first-time visitors coming from health-related directories or web searches... and that the hacked file is ironically the one that is supposed to secure the site from attackers. This is part of the notification I got from Google:
Dear site owner or webmaster,

We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com
We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser

If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability.
The problem is now fixed, but I'm concerned about how bad it is going to be the next time.

ciao
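A check for the behaviour described in the post, where only visitors arriving from a search engine are redirected, so the owner typing the address directly sees nothing wrong. This is an added example, not code from the original post; the referer URLs, the `constructed_fetch` stand-in and the `example` host names are assumptions made for illustration.

```python
import http.client
from urllib.parse import urlsplit

# Referers for the engines named in the post; the exact URLs are assumptions.
SEARCH_REFERERS = [
    "https://www.google.com/search?q=test",
    "https://search.yahoo.com/search?p=test",
    "https://search.live.com/results.aspx?q=test",
]

def fetch(url, referer=None):
    """Request url once, without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    secure = parts.scheme == "https"
    cls = http.client.HTTPSConnection if secure else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=10)
    headers = {"User-Agent": "Mozilla/5.0"}
    if referer:
        headers["Referer"] = referer
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def find_cloaked_redirects(url, fetcher=fetch):
    """Compare a direct visit with visits that carry a search-engine Referer."""
    site = urlsplit(url).hostname
    baseline = fetcher(url, None)
    findings = []
    for referer in SEARCH_REFERERS:
        status, location = fetcher(url, referer)
        target = urlsplit(location).hostname if location else None
        differs = (status, location) != baseline
        # Suspicious: an off-site redirect that a direct visitor does not get.
        if differs and 300 <= status < 400 and target not in (None, site):
            findings.append((referer, status, location))
    return findings

def constructed_fetch(url, referer=None):
    """Constructed stand-in for a compromised site, so the demo runs offline."""
    if referer and any(e in referer for e in ("google.", "yahoo.", "live.")):
        return 302, "http://malware.example/scan"
    return 200, None

if __name__ == "__main__":
    hits = find_cloaked_redirects("http://www.example.org/", constructed_fetch)
    for hit in hits:
        print("redirect only for search visitors:", hit)
```

This only catches redirects sent in the HTTP response; a redirect performed by injected JavaScript that reads the referrer would need the page bodies compared as well.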

3 Comments:

Anonymous said...

Quick post>

Don't forget to ask Google to remove the warning or it will be more damaging to the site (and the company) than the virus itself.

Ciao

7:00 am  
Blogger Fernando Vallejo said...

Oh, yeah! I asked them to review the site after I cleaned up those files, and they removed the warning just a few hours later. I never thought they would be so quick.

And you're right, a bad warning from Google may do more harm than the actual virus.

cheers

12:03 am  
Blogger Fernando Vallejo said...

"UPDATE"

My web hosting just sent me an e-mail regarding that situation:

"In our ongoing commitment to the security of our customers, we have discovered a vulnerability located within many of our clients' websites, including yours. This is a self replicating virus which is found by visiting well-known search engines. When you click on any link it may redirect you to a fake Anti-Virus 2009 website which appears to scan your system and then asks you to download the software.

We have dedicated our systems administration team to finding a solution to this and are happy to say that as one of the first hosting companies we have successfully cleaned all instances of this virus from our servers more than a week ago, and are continually scanning them to ensure your site does not become re-infected.

To illustrate the severity of the issue I would like to share some facts with you:

* 26,991 of our customers have been infected with fake Anti-Virus 2009
* 79,469 websites have been spreading the Anti-Virus 2009 infection
* 120,923 malicious files have been removed from our system

We are constantly monitoring our servers for potential threats to your website, and are proud to say that we are among the first web hosts to identify this particular problem, and have been the first to offer a resolution."


Well, I'm glad to have my hosting with them.

ciao

1:12 am  
