Hacked again

By Jacques Chester

Hello all, your friendly Ozblogistan Tyrant here, abusing my multisite posting powers.

This morning I received two independent reports of trojan warnings being given for two different Ozblogistan websites.

After investigation, I have determined that the server was automatically compromised, presumably by a brand new attack (since we just 2 days ago updated to WordPress 3.4.1), and a trojan inserted into various parts of WordPress.

I have identified and replaced the affected files with clean copies, and you should see no more warnings.

Those who want the gruesome details can learn more.

5 Comments

  1. kvd
    Posted July 2, 2012 at 1:14 pm | Permalink

    Hi Jacques. It says something of my regard that when I got this message at about 4 this a.m. I didn’t bother reporting it ’cause I figured you’d be on the case, and didn’t need re-telling.

    avagoodone!

  2. Posted July 2, 2012 at 2:45 pm | Permalink

    What was the virus going to do? I’m always bemused by these things, so having someone around who does understand them is seriously useful!

  3. Posted July 2, 2012 at 3:11 pm | Permalink

    No idea; as I said it was obfuscated. I once decided to dig into one and it took me hours to actually find out what it did. This time I decided to play the CBF card.

    Generally though, they load various pieces of malware meant to infect your PC. Once this is achieved it gets connected to a botnet, and in turn the botnet is rented out for other purposes (such as sending spam or performing denial of service attacks).

  4. Posted July 2, 2012 at 3:25 pm | Permalink

    I have lost my husky gravatar! What’s going on?

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*