Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 60 malicious pages. Your blog served up malware to 0 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins
  • Verify all users are valid (in case the attackers left a backup account to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute-force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress to scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but none is 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions
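As an added example (not part of the janitor's notice), a small Python script that checks a web-server access log for requests from the two command and control addresses listed above, reports which paths they hit, and prints Apache 2.4 rules to block them; the log lines and the plugin path in them are constructed, not taken from this blog.

```python
import re
from collections import Counter

# The attacker C2 addresses named in the notice above.
C2_IPS = {"5.8.18.7", "89.238.176.151"}

# Apache/nginx "combined" log: ip - - [time] "METHOD path HTTP/x" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (hypothetical plugin path, not real traffic from this blog).
SAMPLE_LOG = """\
203.0.113.9 - - [10/Mar/2022:08:01:12 +0000] "GET /?p=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
5.8.18.7 - - [10/Mar/2022:08:02:40 +0000] "POST /wp-content/plugins/example/cache.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2022:08:03:01 +0000] "GET /agreement/ HTTP/1.1" 200 9821 "https://www.google.com/" "Mozilla/5.0"
89.238.176.151 - - [10/Mar/2022:08:05:15 +0000] "POST /wp-content/plugins/example/cache.php HTTP/1.1" 200 298 "-" "curl/7.68.0"
5.8.18.7 - - [10/Mar/2022:09:12:03 +0000] "GET /xmlrpc.php HTTP/1.1" 405 0 "-" "python-requests/2.25"
"""

def find_c2_hits(log_text):
    """Return [(ip, method, path, status), ...] for every request from a known C2 address."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("ip") in C2_IPS:
            hits.append((m.group("ip"), m.group("method"), m.group("path"), int(m.group("status"))))
    return hits

def suspect_endpoints(hits):
    """Count the paths the C2 touched; the most-hit path is the first file to inspect for a backdoor."""
    return Counter(path for _, _, path, _ in hits).most_common()

def htaccess_block(ips):
    """Apache 2.4 .htaccess rules that deny the given addresses and allow everyone else."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += ["    Require not ip %s" % ip for ip in sorted(ips)]
    lines.append("</RequireAll>")
    return "\n".join(lines)

if __name__ == "__main__":
    hits = find_c2_hits(SAMPLE_LOG)
    for ip, method, path, status in hits:
        print("C2 %-15s %s %s -> %d" % (ip, method, path, status))
    print("endpoints to inspect:", suspect_endpoints(hits))
    print(htaccess_block(C2_IPS))
```

Run it against your real access log (e.g. `find_c2_hits(open("/var/log/apache2/access.log").read())`) and treat every path the C2 addresses posted to as a file to examine and compare against a clean copy of the plugin or theme.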

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system and then sell that access off to other attackers, who then usually deploy additional malware, including ransomware and banking trojans. Cleaning up your blog makes a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

Hello world!

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

The application of paint on interior plaster surfaces has become increasingly difficult

Inferior plaster work and the tendency to rush painting on damp walls.

Uneven suction effects on poor walls may be generally counteracted by the use of varnish type priming coats – at the risk of cracking and peeling of later paint coats. A better looking job is often temporarily secured on non-uniform plaster, through the use of varnish base primers, but the prospect of future failures is always great.

The Painting of Interior Walls

Again, as with exterior painting, the preparation of the surface is of prime importance. Far too often this is neglected and results are disappointing.

Before starting to paint, wash or scrape off all calcimine, loose paint, grease and dirt. Fill cracks with patching plaster and sand to a smooth surface. Touch up patched spots with first coater. Even though no spots or cracks need patching, wash the surface before painting. The work involved will be well worthwhile.

In attacking the problem from this angle, the fact was lost sight of that such a priming coat permitted most of the oil to be drawn into the porous wood, leaving only an oil-poor pigment on the surface. This inelastic, oil-drained film became brittle and offered but little resistance to the elements.

The problem, then, was one of obtaining a primer that would not penetrate excessively, thus retaining sufficient elasticity to be durable and resist moisture.

The solution came from the development of Vitolized Oil in the Research Laboratories

A study of paint application problems under these changed circumstances brought out the importance of the Priming Coat. Prior to the discovery of Vitolized Oil, little or no attention was given to the part which the priming coat played in achieving satisfactory results.

The general practice had been to attempt to overcome the difficulties involved in exterior painting by providing a first coater that would penetrate deeply into the wood, the theory being that such extreme penetration would seal and satisfy the absorption.

The above factors have materially affected painting practices