Hello all, your friendly Ozblogistan Tyrant here, abusing my multisite posting powers.
This morning I received two independent reports of trojan warnings being given for two different Ozblogistan websites.
After investigation, I have determined that the server was automatically compromised, presumably by a brand new attack (since we just 2 days ago updated to WordPress 3.4.1), and a trojan inserted into various parts of WordPress.
I have identified and replaced the affected files with clean copies, and you should see no more warnings.
Those who want the gruesome details can learn more.
5 Comments
Thanks for fixing, Jacques!
Hi Jacques. It says something of my regard that when I got this message at about 4 this a.m. I didn’t bother reporting it ’cause I figured you’d be on the case, and didn’t need re-telling.
avagoodone!
What was the virus going to do? I’m always bemused by these things, so having someone around who does understand them is seriously useful!
No idea; as I said it was obfuscated. I once decided to dig into one and it took me hours to actually find out what it did. This time I decided to play the CBF card.
Generally though, they load various pieces of malware meant to infect your PC. Once this is achieved it gets connected to a botnet, and in turn the botnet is rented out for other purposes (such as sending spam or performing denial of service attacks).
I have lost my husky gravatar! What’s going on?