May 9, 2010

Burn

One week left, I can do this. Lots of make-up work to turn in tomorrow, and some exams, but I can do this. Just one week until the Summer of Andrew™ starts.

The Virus on Project Gforum

Except… A few days ago I got hit with some sort of virus, hard. I don’t know if it was my own website that I was visiting, or if it was another I had been browsing at the time. If it was my website, it could be because my entire shared server was hit.

Essentially, what it did to my website was append an obfuscated piece of JavaScript to the end of every file that had “index,” “default,” or “main” in the filename, as well as every file that had .js (JavaScript) as the filetype. What the piece of script does is open an iframe to an outside site that downloads what I believe to be a .dat file into your browser cache, and somehow executes it. At least two other people and myself have had Java start to load when being attacked, or at least thinking we were being attacked.

Regardless, this has hit Project Gforum pretty hard. I’ve had to close down the forums, as the script has found its way into vBulletin’s standard array of scripts, and despite doing what I had done for this website on them (changing passwords and removing the script from all files that met the above criteria; don’t worry, this site is clean), the script is still somehow in the files. I have confirmed that myself and with another person using Avast.
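A way to triage a web root for the pattern described above, as an added example that is not part of the original post: it selects files by the filename criteria given above, then flags content after the last `</html>` and file tails that several files share. The tail length, both heuristics and all function names are assumptions, not details from the post.

```python
import os
from collections import defaultdict

NAME_HINTS = ("index", "default", "main")  # filename criteria named in the post
TAIL_LEN = 200  # assumption: how many trailing bytes to compare between files

def is_target(filename):
    """True if the post's criteria say this file would have been appended to."""
    lower = filename.lower()
    return lower.endswith(".js") or any(h in lower for h in NAME_HINTS)

def find_targets(root):
    """Every file under root that matches the criteria, sorted by path."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if is_target(f))
    return sorted(hits)

def trailing_after_html(data):
    """Non-whitespace bytes after the last </html>, or b'' if there are none."""
    pos = data.lower().rfind(b"</html>")
    return b"" if pos < 0 else data[pos + len(b"</html>"):].strip()

def shared_tails(paths, min_files=2):
    """Group files by identical tail. The same snippet appended everywhere
    gives unrelated files the same ending; identical copies of one library
    will also match, so review each group by hand."""
    groups = defaultdict(list)
    for path in paths:
        with open(path, "rb") as fh:
            data = fh.read().rstrip()
        if len(data) >= TAIL_LEN:
            groups[data[-TAIL_LEN:]].append(path)
    return {tail: ps for tail, ps in groups.items() if len(ps) >= min_files}

def scan(root):
    """Return (files with content after </html>, groups sharing a tail)."""
    targets = find_targets(root)
    after_html = []
    for path in targets:
        with open(path, "rb") as fh:
            if trailing_after_html(fh.read()):
                after_html.append(path)
    return after_html, shared_tails(targets)
```

Files in a shared-tail group that have nothing else in common are the ones to compare against a clean copy of the software before the site goes back online.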

The Virus on my Computer

Even if I get rid of it from Project Gforum, I still have whatever it downloaded on my computer. I uninstalled Chrome because if it’s executing from the browser cache, obviously I’d want to get rid of that. However, reinstalling it produces the above memory error, and about half of websites and Chrome options don’t load. So for now I’m using Opera. It’s a nice browser, reminds me of why I used it for more than three years.

It’s completely my fault on both sides – I turned off User Account Control and Windows Defender and didn’t seek out anything other than the freeware Spybot Search & Destroy. For my website, I’ve been playing fast and loose with security for more than a year; my FTP permissions were pretty crappy, combined with the fact WordPress isn’t exactly known for security. Whether or not I can prove it was my fault is irrelevant – it’s my responsibility as owner of my PC and website to secure them.

Hopefully I can remove the script from my website soon, and then wipe my hard drive and install the copy of Windows 7 I got from college six months ago. Hopefully in the future I’ll be more conscious about things like this.

Hopefully.