sarina28 Posted May 18, 2010 Report Share Posted May 18, 2010 After much headache, I found it was not me after all. I just found out from GoDaddy, that there has been a Malware attack. Here is in short what they wrote. Hope this helps others that may have been affected. After more attacks, further evidence suggested the target was not WordPress. This is a complex attack with many components. Here is a high-level overview of how they occur: 1. The attacker is coordinating attacks against three different hosting providers for this to work. * At Hosting Provider ‘A’ – A malicious file is placed on hosting accounts at this provider. No two files have the same name. * At Hosting Provider ‘B’ – A file is uploaded listing the infected domain names and unique file names from provider ‘A.’ * At Hosting Provider ‘C’ – A malicious “scareware” site is placed on compromised accounts 2. After the attackers put their files in place, they use Hosting Provider ‘B’ to trigger the malicious files on Hosting Provider ‘A.’ When triggered, the malicious file: * Scans the hosting account for any php file * Injects malicious content, installing malware that directs to Hosting Provider ‘C’ * Removes any trace of itself from ‘Hosting Provider B’ 3. The attack is complete when an infected website receives a visitor. The visitor, if not adequately protected, will have malware installed on their machine. 4. The malware will alert the infected computer to purchase fake anti-virus software, located at Hosting Provider ‘C.’ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.