Archives For security

Last night, I noticed it was taking me forever to log in to Global Geek News but didn’t think much of it as I was currently getting slammed by traffic from Reddit for an old post.  It turns out, the massive traffic spike wasn’t the problem.  The real problem was that we have been hacked!

Earlier today, I went to log in to Global Geek News to find it was still taking forever to do so.  The traffic spike from Reddit had died down and while traffic was still higher than normal for a Sunday, things were still very slow.  In hopes of figuring out what the problem was, I went to my web host's cPanel page and noticed the CPU usage was pegged at 100%.  This was the point when I knew something was wrong.

I immediately contacted my host’s support and thanks to a little digging from both them and myself, we determined that Global Geek News had been hacked.  I don’t know everything about the hack but I will tell you what I have found out and what it means for you.

The support guy, Brandon, that helped me with this issue noticed some suspicious files in an upload directory for the WordPress theme (Standard Theme by 8Bit) that I use and alerted me to them.  Not knowing all of the innards of the Standard Theme, I didn’t know if I would have an idea what I would be looking at but decided to check out the suspicious files.  And suspicious they were!

It turns out that the upload directory that they were stored in (which I didn’t even realize existed) was used by the theme to store images that I had uploaded for the ad spots on the top and right of the site.  Once in the directory, that was pretty obvious as I recognized all of those files.  Knowing which files I had uploaded (none recently), it made it pretty obvious which files were the problem.

There were 4 files that had been uploaded between June 14th, 2012 and June 22nd 2012 that were the problem.  Being the curious person I am, I decided to download and inspect these 4 files that had been uploaded without my knowledge.
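The way the planted files were spotted above (files in the theme's image upload directory that the owner never uploaded, with recent dates, turning out to be PHP scripts) can be turned into a repeatable check. The script below is an added example, not code from this post or from the Standard Theme; it builds a constructed sample directory and flags files that are not in the owner's own upload list, have a script extension where only images belong, or were modified after the last legitimate upload.

```python
import os
import tempfile
import time
from pathlib import Path

# File types a theme's image upload directory should legitimately contain.
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}
# Extensions that never belong among uploaded images.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".pl", ".cgi", ".sh"}


def audit_upload_dir(upload_dir, known_files, newer_than):
    """Return a sorted list of (filename, reasons) for files worth a closer look.

    known_files: names the site owner uploaded themselves.
    newer_than:  epoch seconds; anything modified after this is flagged,
                 mirroring the "none uploaded recently" reasoning in the post.
    """
    findings = []
    for path in sorted(Path(upload_dir).iterdir()):
        if not path.is_file():
            continue
        reasons = []
        if path.name not in known_files:
            reasons.append("not in owner's upload list")
        suffix = path.suffix.lower()
        if suffix in SCRIPT_EXTENSIONS:
            reasons.append("executable script in an image directory")
        elif suffix not in IMAGE_EXTENSIONS:
            reasons.append("unexpected file type")
        if path.stat().st_mtime > newer_than:
            reasons.append("modified after last known upload")
        if reasons:
            findings.append((path.name, reasons))
    return findings


def build_demo_dir():
    """Constructed sample: two legitimate ad images plus two planted scripts."""
    d = tempfile.mkdtemp()
    old = time.time() - 90 * 86400  # legitimate uploads are about 3 months old
    for name in ("ad-top.png", "ad-right.jpg"):
        p = Path(d, name)
        p.write_bytes(b"\x89PNG constructed placeholder image bytes")
        os.utime(p, (old, old))
    # Placeholder contents only; the filenames are constructed for the demo.
    Path(d, "upload1.php").write_text("<?php /* constructed placeholder */ ?>")
    Path(d, "banner.gif.php").write_text("<?php /* constructed placeholder */ ?>")
    return d, {"ad-top.png", "ad-right.jpg"}, old + 86400


if __name__ == "__main__":
    demo_dir, known, cutoff = build_demo_dir()
    for name, why in audit_upload_dir(demo_dir, known, cutoff):
        print(f"{name}: {'; '.join(why)}")
```

Deleting the flagged files, as the post describes, removes the symptom; the same listing run again later is a cheap way to notice if they come back.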

Immediately upon downloading one of the files, Microsoft Security Essentials said it had cleaned a virus from my system.  After looking into it, apparently I ended up getting hit with some kind of Java exploit (luckily I keep Java up to date).  However, that was just the beginning.

The two files uploaded on the 14th turned out to be some sort of PHP injection scripts and the other two files from June 22nd were a couple of trojan viruses.  Luckily, my antivirus (Microsoft Security Essentials and Sophos AntiVirus on my Mac) wouldn’t let me open the files and they were immediately quarantined.

Just how dangerous these files were, I’m not really sure but MSE called them severe and I believe it.  For those curious, it flagged the “Backdoor:Perl/Shellbot.AH” and “Backdoor:PHP/Lollusc.A” trojans.  So when I found this out, I knew it was not good news.

After realizing I had been hacked and these files had been placed on my server, I worked with Brandon to try to find out who did this and how.  Unfortunately, the how is unknown.  We don’t know if it was the theme itself that was exploited, a plugin or WordPress.  We are fairly confident my password wasn’t compromised so we are pretty sure it was one of those three options.

However, he was able to find two IP addresses in the logs pointing to the hackers.  One indicated a hacker was attacking from the city of Jaworzno, Poland, and another from Houston, Texas.  Now I don't know if two people were involved in the hack, a person who travels a lot or just somebody using a proxy to appear to be coming from those places.  Not being a computer forensics person, I don't really know.

After finding out everything I could, I deleted the files and everything appears to be back to normal.  I wish I knew more but sadly, that is all I know.

As for what this means for you, the reader of Global Geek News, I am really not sure.  I don't know if you were ever exposed to any of the malicious files or not.  I've visited pages on Global Geek News many times since the trojans were placed on the server on Friday and noticed nothing, so I would suspect you are fine; however, I would highly recommend running your antivirus and antimalware software of choice to make sure that you haven't been compromised (it is a good idea to do those things routinely anyway).

I sincerely apologize if this has harmed any of our loyal readers and I will do everything I can to keep it from happening again.  If anybody out there likes to pore over code to look for security exploits, let me know as I would love to find the flaw that gave rise to this hack and kill it.

-Jeremy

Image: Logo of the PlayStation Network (via Wikipedia)

I don't really do much in the way of general tech/gaming news on Global Geek News anymore but this is important enough that I need to make an exception.  As I am sure most all of you are aware by now, Sony's PlayStation Network has been down for several days due to somebody hacking into the popular service.  Although Sony is still really tight-lipped about the details of what has happened, they are now saying that the user account information of those with a PlayStation Network account has been compromised, including your name, billing information, email address, password and just about all of the other data they may have from you.  Although they don't think the database of credit card information was accessed, they can't be certain, so they are urging extreme caution.  Below is a snippet of the information they just posted over on the official PlayStation Blog, which you need to go read if you have a PlayStation Network account (which is likely if you own a PS3 or PSP).  This is quite the security breach!

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

I’m not sure if it is possible to change your password while the PSN is down but if it is, I highly recommend doing it ASAP! I plan on doing it as soon as I get home although luckily I don’t use that password for anything else and can’t even remember it most of the time anyway.

Image: 8-inch, 5.25-inch, and 3.5-inch floppy disks (via Wikipedia)

Computer security company F-Secure recently traveled to Pakistan to sit down and have the first on-camera interview with the creators of Brain, the first PC virus.  Brothers Amjad Farooq Alvi and Basit Farooq Alvi created the boot sector virus known as Brain, which was transferred from computer to computer via floppy disks.  The 10-minute video below that F-Secure posted does a great job asking the brothers about the origins of Brain and why it was created.  I highly recommend watching it.  It is amazing how far we have come since this virus to ones as complex as Stuxnet.


In the past, I have been very critical of the idiots at Best Buy's Geek Squad and their outrageous prices but I think it's safe to say I have finally found somebody worse than them.  The picture below posted on failblog has the whole story, but apparently an extremely gullible computer owner was convinced that somebody was trying to infiltrate his hard drive and paid $6 million to protect himself.  It's a pretty funny story so I recommend checking out the picture below.  I think it's safe to say this guy shouldn't be allowed to use a computer anymore.

Scammers convince guy his computer is part of a vast conspiracy

I love a good story about stupid criminals and today I get to share one such story.

25-year-old Cody Wilkins was not just desperate for jewelry and money, but he was also desperate for electricity.  Wilkins broke into a house in Silver Spring, just north of Washington DC.  While he was grabbing whatever he could, he put his cell phone on a charger and left it in the house.  I should probably mention that due to a major storm, the area had been without power, so he was looking for a charge.  Unfortunately for him, the son of the homeowner came home while he was still in the house.  Although he escaped the house, he forgot to grab his phone on the way out.  The police used the phone to call his girlfriend, find out who he was and where he lived so they could go arrest him.  The police were also able to link him to 10 other break-ins thanks to the fact that he still had all of the stolen loot in his house, plus the fact that he used the same boots each time, which made it easy to identify him by his footprints (tip: don't do illegal activities in the snow, you will be much easier to track.  Also, make sure to password protect your phone).  To read the whole story, check out the original post at The Washington Post.

Below is a picture of the accused thief.  Crime doesn’t pay if you are a stupid criminal.

Make sure to share this story with all of your friends and subscribe using any or all of the subscription options on the right to make sure you never miss out on any of the great content we post!

Stupid Criminal: Cody Wilkins
Image: Facebook logo (via CrunchBase)

Back in November, we posted about the dangers of a new Firefox extension that is available for download called Firesheep and how to protect yourself from it using an extension called HTTPS Everywhere.  To address the threat that Firesheep exploited, Facebook now has a new security setting that will make you use HTTPS by default so you don't have to worry about some Firesheep user hijacking your account.  I highly recommend enabling this feature, which you can find out how to do in the video below.  The video on how to enable this new feature is thanks to the crew over at Lifehacker.
