Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 381 malicious pages. Your blogged served up malware to 0 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
  • Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
    and Wordfence Security, all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerly,

The Internet Janitor

Below are some links to research/further explaination on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

From the urgent, world-shaking dramas of FOX NEWS CHANNEL’s 24 hour live cable news to high-gloss Hollywood productions like EXTRA!, Burke has been at the forefront of using cutting-edge technology to reshape how viewers consume the news. At heart, Burke says he’s a story-teller, but he’s driven by a passion to engage and enthrall viewers with unique stories that resonate with an audience. A veteran documentarian and self-admitted news junkie, Burke now brings his extensive skills to bear in program development and new media.

Burke helped reshape a fledgling Fox News. Now known as “the Most Powerful Name in News”, it was not always the case. Burke brought lively production values, pacing and packaging to create The Fox Report with Shepard Smith, which soon became the highest rated news program in all of cable news.

With the tragedy of 9/11, Burke took responsibility for all of Fox News daily live coverage of the War on Terror. As Executive Producer of Daytime Programming he lead the efforts of writers, producers, anchors and reporters.

Burke, more recently, created TV Guide’s first live, daily entertainment news program with host Chris Harrison of ABC’s The Bachelor. Burke also produced extensive coverage of Wall Street’s Great Meltdown for CNBC and Fox Business Network.

Previously, Burke traveled extensively for national newsmagazines like Inside Edition. Burke hiked into the Andes mountains with anchorwoman, Deborah Norville, to tell the miraculous story of the survivors of a tragic plane crash there. Other adventures took Burke to Vietnam and Cambodia, where he searched for the ruthless dictator, Pol Pot, who was hiding with the Khmer Rouge in the northern jungle.

Burke began his career at WNBC-TV on the local public affairs program, Religion in Review, where he was honored to book as guests Mother Teresa of Calcutta; His Holiness the Dalai Lama and Nobel Peace Prize winner, South Africa’s Bishop Desmond Tutu.

Burke’s latest project was developing and launching the ground-breaking series “Chasing News”, featured on WWOR and FOX 5 in NY/NJ and FOX29 in Philadelphia.  For “Chasing News”, Burke pioneered a new form of newsgathering for the 21st century, losing the bulkiness and clumsiness of the past, and embracing technology for a streamlined, modern approach.