
Important: Please Read

From 10 p.m. (PST) Sunday evening to approximately 11:30 a.m. (PST) Monday morning (April 12th & 13th, 2009), a link on this site contained malicious code that could infect your computer if your Web browser isn’t up-to-date. I’m asking everyone to please scan your computer (you need to read below first). Thankfully it happened during the quietest times and was fixed before it got super busy.

If you are an email subscriber and visited Tipnut when you received yesterday’s daily update, the website was fine by then (the code was gone before the feature post was published). However, if you visited the site Sunday night or Monday morning, you need to read this.

Update: This link was just sent to me: Malware Forensics: How Ironic Can It Get? There are some pretty major websites affected with this (the hyperliteautoservices.cn string is what was hosted here on Tipnut). Webmasters, watch for this!

As soon as I discovered the code (about 10:45 am PST, Monday), I contacted my web host who was able to locate the problem, clean up the files and lock down the account against further problems. Since then I’ve been working on my computer and how I work with site files before announcing the problem–to ensure there wouldn’t be a re-infection.

How this happened:

I got the virus/trojan by visiting another blog or website that was infected with this code. I don’t know which one and I don’t know when, but likely in the past few days. Once my computer was infected, the FTP details to my hosting account for Tipnut were sent to a hacker, who then logged in and placed the malicious code in some of the site files. As much as I’m embarrassed to tell you this, you need to know this happened so you can take care of your computer.

The problem with this malicious code is that it disables most anti-virus programs. Doing a full scan with AVG antivirus revealed no problems, so I had no idea my computer was infected.

Here’s how I cleaned up my computer:

  • Used System Restore to bring my computer files back to a week earlier. (added correction)
  • I downloaded and installed Malwarebytes; it’s free and it’s a good piece of software. I scanned the computer, removed all infected files, rebooted, and scanned again. I did this at least three times. There were a lot of cookies, but those aren’t the problem.
  • For added protection, I also scanned with SUPERAntiSpyware twice, rebooted and then scanned with AVG twice (neither would work properly until Malwarebytes cleaned things up). Both programs are free.
  • Next I downloaded and installed Hijack This (another freebie). This program would not run until all my files were clean (the virus prevents it). Reviewed the information to make sure there’s nothing suspicious. If you’re doing this and you’re not sure, Bleeping Computer is full of knowledgeable people that provide computer virus support.
  • Before visiting another website (including Tipnut), clear the browser’s cache to remove all old website files.

Update #2:

From the info on the above site I linked to (in the update), it seems older versions of Adobe Reader could be what’s being exploited. Adobe itself has this warning, Adobe Reader and Acrobat:

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

My IE browser was up-to-date (not my Firefox though), but I had an 8.xx version of Adobe Reader. I’ve updated both Reader and Flash. You can do that here on the Adobe site:

Please Note:

  • If you can’t run and install Malwarebytes, your computer problem is unrelated to what happened here and you likely have a different virus from somewhere else. Crippling anti-virus programs has become the method of choice; luckily this program was able to conquer what was here.
  • If your computer has been acting funny since before late Sunday evening, that is unrelated to the incident on this site. The site was compromised in a 13-hour window, not any time before this or after.

Steps I’ve taken to prevent this from happening again:

I have put safeguards in place. If you’re a webmaster or blogger, I’d advise you to consider SFTP (secure FTP); this will prevent this kind of issue even if a computer does get infected with an FTP virus (which is what I had). I’d also suggest you scan your computer and scrub it completely clean, then change all login information for FTP or web hosting accounts. Search your website files for an iframe code and remove it.
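
One way to carry out the iframe search suggested above, as an added example (not code from Tipnut or its web host): a Python scanner that lists every iframe in a site's files whose source is a host other than the site's own and marks the ones hidden from visitors. The host names tipnut.example and bad-frame.example and the two sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
# Markup commonly used to make an injected frame invisible to visitors.
HIDDEN_RE = re.compile(
    r"""\b(?:width|height)\s*=\s*["']?[01]\b|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.IGNORECASE)
SCAN_EXT = (".html", ".htm", ".php", ".js", ".tpl", ".inc")

def scan_text(text, own_hosts):
    """Return (line_no, host, hidden) for every iframe that loads a foreign host."""
    findings = []
    for m in IFRAME_RE.finditer(text):
        src = SRC_RE.search(m.group(0))
        host = (urlparse(src.group(1)).hostname or "").lower() if src else ""
        # Relative sources have no host; own hosts and their subdomains are expected.
        if host and not any(host == h or host.endswith("." + h) for h in own_hosts):
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append((line_no, host, bool(HIDDEN_RE.search(m.group(0)))))
    return findings

def scan_tree(root, own_hosts):
    """Walk root and return {relative_path: findings} for files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_EXT:
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"), own_hosts)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

def demo():
    """Scan a constructed two-file site: one clean page, one with an appended frame."""
    clean = '<html><body>\n<iframe src="/widgets/poll.html" width="300"></iframe>\n</body></html>\n'
    infected = clean + ('<iframe src="http://bad-frame.example/in.cgi?2" width=1 height=1\n'
                        ' style="visibility: hidden"></iframe>\n')
    with tempfile.TemporaryDirectory() as root:
        Path(root, "about.html").write_text(clean, encoding="utf-8")
        Path(root, "index.php").write_text(infected, encoding="utf-8")
        return scan_tree(root, {"tipnut.example"})

if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

Point scan_tree() at a local copy of the site with your own host names in place of the constructed one; any frame you did not place yourself, especially a hidden one, is a candidate for removal.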

The technician working on Tipnut was so helpful and informative (and even comforting), I truly appreciate the folks at TigerTech. I was a bundle of nerves throughout the day (sick to my stomach–really), but they answered every question, gave advice, and informed me as much as they could as to how this happened and what I could do to safeguard against it.

I am so sorry this happened here and I hope your computer wasn’t affected.


Comments

10 Responses to “Important: Please Read”
  1. Rina says:

    Aw man that sucks!

    Thank you so much for letting everyone know, and how to resolve the problem!! You’ve also gotten me hooked up with a few great free programs!

  2. E says:

    Note, all of the above programs are WINDOWS based. They are not for use on a Mac.

  3. Jen says:

    Yes, E, but Macs are still fortunate enough not to be the targets of very many viruses. :)

    TipNut, this is a great post with lots of resources. Thanks very much. I also wanted to mention I got a virus sometime Monday morning and didn’t visit your site during the hours it was infected, so I think (based on that post you linked to) it must have been installed on a lot more sites than just yours.

    BTW, I just did a little research for myself and other webmasters out there. It looks like FireFTP (a cross-platform Firefox add-on I like for ftp’ing to my sites) supports SFTP (go here and search for SFTP), as does WinSCP, which you can run from a flash drive OR from your desktop (I’m thinking running it on a flash drive might add an extra layer of protection?).

    • Jen says:

      I just wanted to add: I’m not sure HOW FireFTP works with SFTP. It does support it, but how to get it to actually use it is another story. Can’t find the setting. It could be that you need to get it to dial into a certain port or something. With WinSCP, it defaults to SFTP – if you can’t dial in with that, then you know your host doesn’t support it and you have to use FTP instead.

  4. Jen says:

    Sorry for the double-comment – at first I couldn’t confirm that FileZilla supported SFTP, but several users at my host’s forum say it does.

  5. I am not only grateful for but stunned by your candor regarding your recent computer problem. I installed and ran both hijack this and superspyware without anything adverse showing. I just wanted to say that you are to be commended and I will pass along not only the link to your site but this information as to your incredible veracity. Thank you so much and I look forward to reading not only your terrific tips but also sharing this site in complete confidence with my friends.

  6. Donna Hale says:

    I am sorry this happened to you. We just found some of the same problems on mine and my son’s computer. Just this afternoon I was running Malwarebytes on his to remove a virus that Symantec cannot remove. Norton wanted to charge me $99 to do this for me by remote. We are still waiting to see if Malwarebytes will take care of the problem. Have read posts on Bleeping Computer that it does take care of the virus and really gets rid of it. Must have been a busy weekend for computer viruses.
    And a big thank you for sharing your methods to remove these viruses/trojans and hopefully keep them off.
    I haven’t yet checked to see if I opened tipnut during the critical time.

  7. Ms. B says:

    Is this a WINDOWS only virus?

    • TipNut says:

      Mrs. B, I know nothing about Macs, but from what I understand they aren’t susceptible to these sorts of viruses.

    • Jen says:

      Ms. B, a virus that hits Windows, like this one, cannot hit Mac – and vice versa. But I don’t know about Linux or any other OS. There ARE a couple of Mac viruses out there, and it’s on the rise, but most viruses are for Windows b/c most people use Windows, and the hackers want to hit as many people as possible with one effort.
