A Wave of Malware

In the last few days I have had an interesting (and frustrating) experience with malware, which provides further proof of human depravity (as if I needed it after the case of our van windows.)

Malware is malicious software and apparently there is virtual crime spree going on right now related to programs like WordPress, which I use to publish SMUG. Similarly, after I did the post about our broken van windows, I learned that ours was one of 19 such crime reports from that night of terror.

I guess in some sense we took some comfort in that we weren’t alone in being victimized, but it didn’t make it less costly to fix.

In the case of the malware attacks, however, the scale of the attacks means others are mobilizing to help.

On Tuesday night, after having gotten notice that I had a malware infestation, I had upgraded my WordPress to the latest version, 2.9.2, and had followed the instructions from WordPress.org and my hosting provider, GoDaddy.

But the problem still didn’t go away; when my wife Lisa was viewing SMUG on my iPad (yes, I will have some posts about my iPad impressions soon), I saw the malware for myself. So it told me I may have helped to prevent further infection, but there was still some malicious code to remove from the site.

This evening I got a note from GoDaddy offering help in removing the malicious javascript, which I authorized them to do.

But they said I still needed to take steps to prevent the problem from recurring, such as changing my Web hosting passwords.

I’m fairly certain that I have it all disinfected now. The last step was to change my server permissions as recommended by the author of my WP Super Cache plug-in so that the virtual ruffians can’t deposit their code on the SMUG server.

A few observations:

  1. One of the benefits of WordPress.com is that in its restrictive environment, which strips out javascript from any posts, it prevents malware attacks. If you can get by with only using YouTube videos (instead of other players that use javascript), you can save yourself some muss and fuss by sticking with WordPress.com.
  2. This does create some limitations, however, so by going to self-hosted you can get ability to embed widgets and video players. You need to be careful in what you install to make sure you’re not bringing malware along for the ride.
  3. The GoDaddy community site has a couple of good posts on identifying, removing and preventing malware on your hosting server and how to fix a compromised WordPress site.

Thanks to those who brought this situation to my attention. I believe the malware was hiding in some cached pages on SMUG (pages that are pre-loaded, so to speak, to make the site perform better.) Since I wasn’t getting those cached pages served to me, I wasn’t seeing the malware.

Please let me know if you see anything malicious happening here.

I often say that I started my blog, back in the day when it was called Lines from Lee, as a way to learn and make my mistakes on my own account, so that by the time we launched blogs for my employer I would have worked out all the kinks. Having our Mayo Clinic blogs hosted on WordPress.com has been a safe solution to date. As we consider moving to self-hosted WordPress, this episode highlights for me the need to have someone technically adept and able to make sure all of the security is kept updated.

In that sense, I guess I’m glad the malware attack happened at SMUG. It was inconvenient for a week or so, and responsible for the fact that I haven’t posted for several days. But I would rather learn here, and let the SMUGgles learn along with me, so that we can prevent attacks on our work-related sites.

2 thoughts on “A Wave of Malware”

  1. Glad the problem is solved! On your “Lines From Lee” sentence, I recently followed your example and started my own blog (and FB and Twitter accounts) to learn/gain experience for a new work position. So far, my biggest problem is coming up with content – I don’t want to post something if it isn’t useful.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.