Comments on: Malware Virus & What You Should Know About It

By: attorney optimization

attorney optimization — Fri, 22 Jan 2010 13:43:02 +0000

Avast has detected a malware virus on my computer i have already placed it in the virus vault? Is it safe to delete it?

By: Moms Cash Blog

Moms Cash Blog — Fri, 01 Jan 2010 01:30:35 +0000

Ron, excellent ideas where were you when I needed you?? If you ever care to do a guest post more in-depth I would certainly publish it as I know there are tons of bloggers/website owners who could use this valuable information that you seem to know. Thanks so much for stopping by my blog and leaving such an informative comment it is greatly appreciated. Have a Happy New Year! Hope to see you here again soon. JJ

By: Ron

Ron — Thu, 31 Dec 2009 19:03:46 +0000

I agree that malwares are getting much more complex now days. quite frankly its getting harder and harder to detect these things.

A few useful things wordpress bloggers can do to further protect their sites is:

1. Install the Login lockdown plugin – This will prevent brute force attacks on your wordpress login page.

2. create a blank index.html file and put it in your plugin directory – this will prevent people from seeing what plugins your using by typing an address in their web browser.

3. chmod your wordpress files – your user account should have read, write, and execute, the system should have read and execute, and the public should have read only..by default, most hosts are not set up this way. This can help make it harder for hackers to inject code into your wordpress files.

there are other things you could do as well, but these 3 steps will help out a ton.

good post, keep them coming

By: Comforpedic

Comforpedic — Tue, 08 Dec 2009 20:01:37 +0000

Ah, I had been wondering what causes that “Reported Attack Site” message. But I had no idea it’s this complicated to solve, I just thought it meant that there was something not-quite-innocent about the way the site was coded or something. Good information… -Susan

By: The Free Money Man

The Free Money Man — Fri, 13 Nov 2009 23:09:40 +0000

I really hate malware and spyware. Thanks for the heads up and the techniques to combat them. Much appreciated!

By: Wholesale Liquidation

Wholesale Liquidation — Wed, 11 Nov 2009 22:34:26 +0000

I think JJ has given up on blogging –

Oh where Oh where has JJ gone?

Oh where, oh where can she be?

By: TriNi @ Make Money Online Free

TriNi @ Make Money Online Free — Mon, 02 Nov 2009 20:54:27 +0000

Hey! Just found one of your videos from youtube.. the one that was talking about SurveySavvy and I thought I’d stop by and check out your blog. I’m also into the make money online world.. into survey sites and all that.. looking to keep learning and find new ways to earn!

I really like your blog and I can see you’ve put alot of effort into it.

I also have a blog.. hopefully you stop by and visit as well.

Anyway.. wanted to wish you best of luck, and I read a post a little lower down where you were in a coma and all that. Wow life can be so unpredictable huh? Hope you’re much better now and keep up the great work on your blog!

TriNi

By: Adam

Adam — Mon, 26 Oct 2009 19:12:30 +0000

great info JJ!

By: jj-Moms Cash Blog

jj-Moms Cash Blog — Tue, 20 Oct 2009 04:18:49 +0000

Hey David, Thanks for dropping by and I’m glad you found it interesting. It is useful information… for sure!

Batching System, I’m glad you found this info. useful to you and your website and yes we all have to watch out for any of the signs that Plin has mentioned here in his post. Better to know and learn about it now before one gets hit by the deadly virus!! It’s not fun I can tell you that much and a lot of work just to get back online. Thanks for dropping by. jj

By: batching system

batching system — Mon, 19 Oct 2009 20:38:43 +0000

Thanks for this useful information. I also use WordPress on a shared hosting account so I know I’ve got to watch out for this too.

By: David Shaw

David Shaw — Wed, 14 Oct 2009 16:38:33 +0000

Very interesting post!

Thank you very much!

By: Moms Cash Blog

Moms Cash Blog — Tue, 13 Oct 2009 16:26:48 +0000

Thanks for stopping by and I’m glad that this information may help you or anyone out there beware of what Malware Virus is & what it can do to one’s blog.

By: dasir

dasir — Mon, 12 Oct 2009 19:12:29 +0000

thank ya..this information is very important for me..good luck..

By: plin

plin — Mon, 28 Sep 2009 03:56:41 +0000

Hi Thomas,
Thanks for the additional information regarding FTP!

By: Laura-Whateverebay

Laura-Whateverebay — Sun, 27 Sep 2009 21:01:15 +0000

This is a must read for anyone using computers. All my work is from website (eCommerce) blogging where malware could cripple my business. Thanks for getting the research done for the rest of us.

By: vinay

vinay — Sun, 27 Sep 2009 04:28:13 +0000

Malware viruses are ones that knowingly or unknowingly run in the background and track your surfing habits. This is the reason why one gets so many unwanted pop up ads for anti virus or free pc scan.

By: Gary Mchale

Gary Mchale — Sat, 26 Sep 2009 22:13:03 +0000

Wow thanks for the info.
Will take a lot more care in future.
Make sure all my internet activities are covered by full protection.

By: jj-Moms Cash Blog

jj-Moms Cash Blog — Sat, 26 Sep 2009 16:50:57 +0000

Hey Thomas, Wow! Thanks for the extra information that you offered here, this is what I was hoping for. To get a forum going where as people who know about this malware and those of us who don’t know can give opinions and informational instructions for all of us to learn from. I must admit I’m still a little fuzzy about where we find the IP address of the “money sucker’s hackers”. I want to know who did this, and I know I can’t make it personal by saying who did this to “me”, but when this does happen it does feel like it was “done to you.” Thanks again for comment. jj

By: Malware Virus & What You Should Know About it | Moms Cash Blog | SECUREPCFORME.COM

Sat, 26 Sep 2009 08:48:24 +0000

[...] More: Malware Virus & What You Should Know About it | Moms Cash Blog [...]

By: Thomas J. Raef

Thomas J. Raef — Sat, 26 Sep 2009 08:21:10 +0000

That’s an excellent write-up.

I would like to add to it by explaining a little more in-depth what the virus that steals the FTP passwords does, and why hackers do this.

The virus is very adept at determining the current anti-virus software installed on the infected PC. It does this so that it can “morph” into something the anti-virus software won’t detect. It then disables the updates.

This virus steals the FTP login credentials in a variety of ways.

First, it knows that some popular FTP programs store their username and passwords in an unencrypted format in files. It searches for these files, opens them, read them and sends the contents to a server which then carries out the website infections. Everybody is looking for free software. Well many of the free FTP programs store their usernames and passwords in plain text.

So, to defend against this, many people stop storing their FTP username and password and feel they’re safe.

However, the second way the virus works is by acting as a keyboard logger. This records all your keystrokes. When you type in your FTP login credentials, it records them, sends them to a server and carries out the website infection.

The third way the virus works is by “sniffing” the outbound FTP traffic from the infected PC. Since FTP transmits all data, including the login credentials, in plain text, it’s quite easy for the virus to capture this information, send it to a server and, well, you get the point.

Keep in mind that when the above methods are used, there will be evidence of the infected webpages being uploaded in the FTP logs. Quite often though, people don’t ever read those but the IP address of the infectious server will be the source IP address.

The fourth way the virus works is by injecting the malicious iframe into the FTP data stream as it leaves the infected PC. Let’s say you’ve made some changes to a webpage on your PC. You then FTP it up to your site, as the file is being uploaded to the website, the virus injects it’s code. So the webpage on your PC looks fine. By the time it gets to the webserver, it’s infected. This method will not leave any evidence in the FTP logs because the source IP address in the log file is yours.

The fifth and final way the virus works, that we’ve seen, is that it waits for you to FTP something to your website. When you do, it also uploads an infected webpage, different than the one you’re uploading, to your website. This one we’ve just started seeing recently. But we have tested it. We’ve sent webpages to a website and then watched as a different webpage is uploaded at the exact same time as the file we uploaded. So again, there is no evidence in the log file because it originated from our PC at the exact same time.

This comment is getting long but I promised I’d also explain why hackers do this.

Money.

They make money from infected PCs. What better way to infect PCs than with a “drive-by download”? Just by people viewing those infectious websites, they run the risk of being infected. Once they’re infected, the hackers can install other malware on their PCs which they, the hackers, get paid for.

It’s no longer about showing the world what they can do. They now profit from their craft.

Money, it’s what makes the world turn.