Gootloader infection cleaned up

Uncategorized No Comments »

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 383 malicious pages. Your blog served up malware to 95 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions
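The checklist above, turned into a triage script for the server's shell. This is an added example, not the Internet Janitor's tooling and not from any of the linked research; it assumes an Apache host with the WordPress docroot at DOCROOT and the access log at LOG (both placeholders to adjust), uses only the two command and control addresses named in the notice, and prints the blocking rules instead of applying them so they can be reviewed first. The sample docroot and log it runs against are constructed inline for a dry run.

```shell
#!/bin/sh
# Post-cleanup triage helpers for a WordPress host. Added example, not the
# Internet Janitor's tooling or anything from the linked research; it only
# implements the checks the list above names. C2_IPS are the two addresses
# the notice gives. DOCROOT and LOG are assumptions: set them to the real
# paths on your host (e.g. DOCROOT=/srv/www/blog sh triage.sh).
C2_IPS="5.8.18.7 89.238.176.151"
DOCROOT="${DOCROOT:-/var/www/html}"
LOG="${LOG:-/var/log/apache2/access.log}"

# Apache 2.4 .htaccess rules denying the C2 addresses. Printed rather than
# written: review the output, then append it to "$DOCROOT/.htaccess".
htaccess_block() {
  printf '<RequireAll>\n    Require all granted\n'
  for ip in $C2_IPS; do printf '    Require not ip %s\n' "$ip"; done
  printf '</RequireAll>\n'
}

# Firewall commands, also printed. Block both directions: the blog fetches its
# commands from the C2 hosts, so an inbound-only rule leaves that channel open.
firewall_rules() {
  for ip in $C2_IPS; do
    printf 'iptables -I INPUT  -s %s -j DROP\n' "$ip"
    printf 'iptables -I OUTPUT -d %s -j DROP\n' "$ip"
  done
}

# Lines of a common/combined-format access log ($1) whose client address
# (first field) is one of the C2 IPs. Useful for dating the compromise.
c2_hits() {
  awk -v ips="$C2_IPS" '
    BEGIN { n = split(ips, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
    ($1 in bad)' "$1"
}

# Two permission findings worth a first look under docroot $1: PHP files in
# wp-content/uploads (a media directory should contain none) and files
# writable by everyone. Each find is allowed to fail on a missing path.
suspicious_files() {
  find "$1/wp-content/uploads" -type f -name '*.php' 2>/dev/null || true
  find "$1" -type f -perm -002 2>/dev/null || true
}

# Scheduled tasks an attacker may have left behind: the current user's
# crontab and the system cron files. Prints nothing where none exist.
list_cron() {
  crontab -l 2>/dev/null || true
  cat /etc/crontab /etc/cron.d/* 2>/dev/null || true
}

# Constructed sample host for a dry run: a throwaway docroot with one PHP file
# planted in uploads, one world-writable file, and a three-line access log of
# which two lines come from the C2 addresses. Prints the directory path.
build_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/wp-content/uploads"
  echo '<?php // constructed: a PHP file where only media belongs' > "$d/wp-content/uploads/cache.php"
  echo 'constructed' > "$d/loose.txt" && chmod 666 "$d/loose.txt"
  printf '%s\n' \
    '203.0.113.9 - - [01/Mar/2021:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512' \
    '5.8.18.7 - - [01/Mar/2021:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 64' \
    '89.238.176.151 - - [01/Mar/2021:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 64' \
    > "$d/access.log"
  echo "$d"
}

# Dry run against the constructed sample; on a real host pass "$DOCROOT" and
# "$LOG" instead.
sample=$(build_sample)
echo "== .htaccess rules ==";      htaccess_block
echo "== firewall commands ==";    firewall_rules
echo "== requests from C2 IPs =="; c2_hits "$sample/access.log"
echo "== suspicious files ==";     suspicious_files "$sample"
echo "== cron entries ==";         list_cron
rm -rf "$sample"
```

One caveat on the /etc/hosts option in the list: that file maps hostnames to addresses, so listing bare IPs there does not stop traffic to or from them; the web-server rule or the firewall rule is what actually blocks, and the outbound rule is the one that cuts the site off from its command source.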

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. Cleaning up your blog will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

Day Ends with Stingray in my bed!

Family No Comments »

With all of the swimming activities we did, the only place we saw a stingray was in our room.

Good Night.

Stingray
Cool looking stingray on the bed

Finally the ship – THE DISNEY MAGIC

Family No Comments »

And I was finally able to get a great shot of the ship, The Disney Magic!

Disney Magic
The Disney Magic off the shore of Grand Cayman

Goofy paints
Goofy helps on the ship by painting the name.

Day Four – Grand Cayman and Aaargh Pirates!

Family No Comments »

Shortly after arriving in Grand Cayman, we were boarded by Pirates. They took all of us aboard their ship, the Anna Barden, and made us walk the plank! Elena and Steven took 12 feet drops into the ocean off the high back end of the Pirate Ship. Take a look here!!!

Smoking Elena
Super smoking hot Elena

Tricia next to gunner
Tricia listens carefully next to the pirate gunner.

Elena with brush
Elena gets ready to scrub the ship with her toothbrush.

Pirate Captain
The Pirate Captain actually lives on the boat, The Anna Barden

Pirate wench
The Pirate wench served us drinks – the only nice pirate.

Elena was very brave, swimming in the 20 feet deep ocean location and jumping off the back of the ship, about 15 above the water.

After we escaped the Pirates, we enjoyed some snorkeling with ABANKS from “The Firm” and saw some huge Tarpon fish that were longer than Elena. We did not get a picture of the fish, but we did get a picture of “The Sea Creature”. OK, so it was just a crab – Tricia says, “Mmmmmm, tasty!”

crab
The Sea Creature! – Crab

Guess What It Is?

Family No Comments »

Guess our bedmate for tonight.

Nobody really knows what this was supposed to be. Steven thinks it was a dog, Elena thought it was another elephant and Tricia was not sure. You decide and send us an email and let us know what you think it is.

Good Night!

What is it

What is the towel bedmate?

The Room Grows Color!

Family 1 Comment »

We had dinner at the Animation Palate and it was delicious. Thanks to our waiters Edward and I Ketut. The walls were black and white when we walked in, and they were magically transformed into color by the end of our meal. See Simba from the Lion King below. Pretty cool.

Simba in Black and White
Simba in Black and White

Simba in Color
Then Simba in Color

Formal Night

Family No Comments »

Formal Night! Steven, Tricia and Elena dressed to impress and they all got plenty of compliments during formal night. We enjoyed a great show and got to walk down the red carpet at “The Golden Monkeys” – oops, “The Golden Mickey’s”. Steven was asked who he was wearing and was quick to point out that his glasses were Prada!

Steven and Tricia Formal
Steven and Tricia posing on Formal Night

Elena formal
Elena dresses to impress

Guys formal
The Ladies go crazy for a sharp dressed man.

Out At Sea – All Day

Elena No Comments »

Day 3 – Our first full day out at sea. No stops, no land, no getting off the ship – and finally plenty of rocking back and forth, thanks to the choppy seas. Nobody got sick, but we could definitely feel the swaying back and forth. So to combat that movement, Elena hung out with Pluto by the pool and then took part in singing Y.M.C.A.

Elena and Pluto
Elena with Pluto by the pool.

Elena does YMCA
Elena doing YMCA

A Little Song and Dance, and then A Lobster!

Family No Comments »

Dinner was excellent, then we hit “Studio Sea” where Jeff sang Billy Joel’s “Still Rock and Roll to Me”, Kara sang a High School Musical song, and Steven brought the house down with his rendition of The Little Mermaid’s “Under The Sea”.

Our bed guest tonight – the Lobster!

Good-night.

The Lobster Towel
A Lobster brings us chocolates in bed.

Tricia Tries to Crash Goofy’s Pajama Party

Elena, Tricia No Comments »

After a much needed nap and some relaxation in our stateroom, Tricia got Elena ready in her PJs, to have fun at Goofy’s Pajama Party. Tricia was not allowed to stay so we had dinner at Lumiere’s where our waiter was quick to ask, “Where’s Baba?” That is the nickname Steven calls Elena sometimes. Of course Elena was having a great time playing at the party.

Elena and Mommy
Tricia and Elena at the Ocean-ears Lab.

WP Theme & Icons by N.Design Studio and modified by Steven Miranda