Malware Virus & What You Should Know About It

Posted Friday, September 25, 2009 by momscashblog | 24 Comments so far
Here is a guest post by my blogging buddy Plin of myfrugalways.com. He helps us understand what happens when we are hit with the dreaded “Reported Attack Site” on our blogs and how, what, and why this happens.
Plin:
Here is a post I wrote up. Hope this helps people who are looking for more information regarding malware.
Here is the definition of malware from Wikipedia (http://en.wikipedia.org/wiki/Malware):
Malware, short for malicious software, is software designed to infiltrate a computer without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

There are many different types of malware, including computer viruses, worms, trojan horses, etc. The types vary in how they infect the user’s computer and how much control the malware gains. One of the most common issues bloggers encounter is known as an iframe injection attack. In an iframe injection attack, the malware inserts a piece of code that looks like:
<iframe src="*some bad website*" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
into your code base. The most common target files are index.*, since the index file is the first page loaded by any website. Essentially, what the <iframe> code does is forward your website to the bad website. As a result, if a user visits your site they will be directed to another site that might be filled with even more malware.

There are numerous ways in which malware can infect your account, but two of the most common involve hosting servers and FTP.

1. Hosting servers. Some hosting companies do not set up their security settings properly, and as a result, when one account is compromised the hacker gains access to other accounts as well. For example, suppose JJ’s blog and my blog sit on the same server and I am running a very old version of WordPress. If a hacker hacks my account and the security is not set up properly, he can now access JJ’s files too, even though JJ is very vigilant in keeping her copy of WordPress up to date. This is a known problem for some hosting companies, and it is why one should be wary of free/cheap hosting solutions. If you have SSH access to your account, make sure to change the permission of your files to the highest level.

2. FTP password. Most bloggers work on their WordPress files on their local computer before uploading the files to the server over FTP. As a result, FTP passwords are often a target of malware. If you have visited an unclean website, your computer can be infected with malware that sniffs for FTP passwords. The moment you upload your files to your FTP account, the password is captured by the hacker, who can now automate the iframe code insertion process using your FTP password. In fact, it is better to use secure FTP (SFTP) so the data exchanged between your computer and the server can’t be easily sniffed.

To clean up after an iframe injection attack:
>Keep your anti-virus software updated on your home computer
>Update your WordPress to the latest version. WordPress is known for security flaws and they constantly release security patches.
>Change all your passwords. A good password should have a mix of upper case, lower case, and numbers.
>Avoid using applications that require your password on a public computer. Internet cafes are especially deadly.
>Check all your WordPress files for <iframe> tags and remove them. The key files are index.*; however, other files might also be affected.
>Investigate how the attack originated. This one is a little more difficult, but I would suggest trying to think whether you have downloaded unknown software recently.
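One way to carry out the <iframe> check from the cleanup list, as an added example that is not part of the original post: a small Python scanner that lists every iframe tag under a site directory and flags the ones sized or styled to be invisible. The extension list, the hiding heuristics and the bad.example host are assumptions made for the example.

```python
import os
import re
import tempfile

# Opening <iframe ...> tag, even when it spans several lines.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# Signs the frame is meant to be invisible: 0/1-pixel size or hiding CSS.
HIDDEN_RE = re.compile(
    r"""\b(?:width|height)\s*[=:]\s*["']?[01](?:px)?["']?(?!\d)"""
    r"|visibility\s*:\s*hidden|display\s*:\s*none",
    re.IGNORECASE,
)
# File types to scan (assumed list for a WordPress site; extend as needed).
EXTENSIONS = (".php", ".html", ".htm", ".js", ".tpl")


def find_iframes(text):
    """Return (line_number, tag, looks_hidden) for each iframe tag in text."""
    hits = []
    for m in IFRAME_RE.finditer(text):
        line_no = text.count("\n", 0, m.start()) + 1
        hits.append((line_no, m.group(0), bool(HIDDEN_RE.search(m.group(0)))))
    return hits


def scan_tree(root):
    """Walk root; return (path, line_number, tag, looks_hidden) per hit."""
    report = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line_no, tag, hidden in find_iframes(fh.read()):
                    report.append((path, line_no, tag, hidden))
    return report


if __name__ == "__main__":
    # Constructed sample: a theme file with an injected tag (placeholder host).
    sample = ('<?php get_header(); ?>\n<iframe src="http://bad.example/" width=1 '
              'height=1 style="visibility:hidden;position:absolute"></iframe>\n')
    with tempfile.TemporaryDirectory() as site:
        with open(os.path.join(site, "index.php"), "w", encoding="utf-8") as fh:
            fh.write(sample)
        for path, line_no, tag, hidden in scan_tree(site):
            flag = "HIDDEN" if hidden else "visible"
            print(f"{os.path.basename(path)}:{line_no}: [{flag}] {tag}")
```

Visible iframes such as video embeds are listed too, so you can tell the ones you added yourself from the ones you did not.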
Some good blogging practices to keep your account safe:
>Rename your administrator account to something other than admin or administrator. This will prevent attacks where the malware uses admin as the username and simply tries all the words in the dictionary. (Hint: using dictionary words as a password is a very bad idea.)
>Backup your database on a scheduled basis.

Cheers Plin,