Jack Yan

The Persuader

My personal blog, started in 2006.




24.10.2010

A weekend of malware

Autocade warning

I’m prepared to eat humble pie if one of our sites is actually distributing malware (naturally without any knowledge or action on our part). According to Google, Autocade is doing just that, as of the 23rd:

Of the 3 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-10-23, and the last time suspicious content was found on this site was on 2010-10-23.
   Malicious software is hosted on 1 domain(s), including requestbusforward.co.cc/.
   1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including globals1696.ipq.co/.

   Immediately, I did the following:

  • searched for the domain (requestbusforward.co.cc) that was the source of the malware, and found that there were accusations toward Gizmodo and Gawker of doing exactly the same thing;
  • notified people on Twitter that there could be a problem with Autocade;
  • confirmed on a machine that is infected (which we were about to nuke) that the message was correct (it happened exactly as Google stated);
  • began backing up the database of the legit data along with the images;
  • informed our web host, Rackspace, of the notice and asked for an immediate check whether the server had been hacked;
  • did a Google News search and came up empty for news about either Gizmodo or Gawker being infected (which you would expect given these are popular websites);
  • better safe than sorry, nuked the infected PC with a hard-drive format. (Thank goodness for long weekends.)

   Rackspace’s Joe Kirby reports that he has seen no hacking activity at the server end. I’ve requested a review from Google and we’re still going to upgrade MediaWiki, which Autocade is run on.
   I’m willing to keep an open mind about whether Google was accurate this time (I can confirm it was not accurate about this blog), given that the scenario could be reproduced, albeit on an already infected machine.
   It still strikes me as odd that there is nothing on Google News or Google Blog Search about an infected Gizmodo or Gawker, which you would expect to make some sort of a splash.


Filed under: internet, technology—Jack Yan @ 12.44
