logo

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 381 malicious pages. Your blogged served up malware to 209 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
  • Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
    and Wordfence Security, all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerly,

The Internet Janitor

Below are some links to research/further explaination on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

eeee

Services Provided:

  • Website project management
  • Website information architecture design
  • Web design
  • Extensive background research on technical and medical topics for content creation
  • Web content writing and product descriptions
  • On-site SEO
  • Coordination with developer
  • QA audit and edits

Result: Created a robust new website for this new small business, including eCommerce sales via Shopify, custom design, and custom research and content writing

Project Description:
HHH Buzz, a small CBD oil company based in Tampa, Florida, needed a website with eCommerce options for their newly launched business. Working with a developer and a branding designer, I outlined the project needs and scope (including information architecture, research needs, content requirements, SEO work, a custom GPS location app, eCommerce set-up via Spotify, etc.) and provided web design, research, content writing, and SEO.
Content for this website required extensive background research to provide supporting evidence for the products being sold. This was accomplished through reviewing dozens of scientific and academic research papers and synthesizing the information into short, easy to understand summaries of the products’ benefits while maintaining a database of links and pull-quotes accessible to website visitors who wanted additional information regarding the supporting studies. Product descriptions for the related Shopify eCommerce store were also required, drawing from manufacturer information and the aforementioned background research to make recommendations to website visitors.
Multiple design options were provided to the client along with several design iterations to get the fun ‘look and feel’ they desired.
Working closely with a developer, we brought the content and designs into fruition a as fully functional responsive website and online store within a four-month turnaround time.
Several of the early design concepts are shown here, as well as later design concepts, and select pages from the final launch version. Click here to view the live version. [include screenshots of several pages — and some of the earlier HHH design concepts, which I prefer still…]

 

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!