Light Dose
Flat & Minimal
  • Home
  • About
  • Services
  • Works
  • Team
  • Contacts
  • Blog
  • More
    • Login
    • Register
  • En
  • Es
  • Fr
  • De
  • Ru

Blog

All the news of our company is here...

  • Archives
    • February 2022
    • December 2013
  • Categories
    • Design
    • Uncategorized
  • Tags
    Design

Gootloader infection cleaned up

Mark Example, 27/02/2022, 0 comments

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 64 malicious pages. Your blogged served up malware to 0 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
  • Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
    and Wordfence Security, all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerly,

The Internet Janitor

Below are some links to research/further explaination on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

Welcome to «Itembridge»

Mark Example, 27/12/2013, 0 comments

Your choice of «Itembridge» products is an investment in fast and efficient management of your business. «Itembridge» keeps the ideas accessible and open to everyone. We are young and ambitious, we live with the ideas of the World Wide Web creation. Every day the range of our interests is growing exponentially. We remember what happened yesterday, so today we make effective decisions for tomorrow.

Where to go on vacation?

Mark Example, 27/12/2013, 0 comments

Venice – the most amazing and most famous city in the world – a city on the water. He wins a glance. Majestic palaces and beautiful form bizarre and mysterious world, where the detached Gothic elegance the luxury of baroque. And almost everywhere heard the splash of water that bathes plinths buildings reflect the architectural masterpieces.

Read More

«The Hobbit 2» Premiere

Mark Example, 27/12/2013, 1 comments
hobbit_the_desolation_of_smaug_new-banner+(3)

The Hobbit: The Desolation of Smaug is a 2013 epic fantasy adventure film directed by Peter Jackson. It is the second installment of a three-part film adaptation based on the 1937 novel The Hobbit by J. R. R. Tolkien. It was preceded by An Unexpected Journey (2012) and will conclude with There and Back Again (2014), and together they will act as a prequel to Jackson’s The Lord of the Rings film trilogy.

Read More

Autumn 2013 Fashion trends: women’s shoes

Mark Example, 27/12/2013, 0 comments

The bright individual style is reflected through the collection of women’s shoes fall 2013. Most of designs for this season are masterfully created so each has its own character. Moreover, the choices of color, shape, and elements or material of décor are taken carefully for its creation.

Read More

  • Home
  • About
  • Services
  • Works
  • Team
  • Contacts
  • Blog
  • Login
  • Register
Copyright © ItemBridge inc.
§

‹ › ×