Gootloader infection cleaned up

March 10th, 2022

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 388 malicious pages. Your blog served up malware to 152 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security, all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message
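The file-permission, C2-address and scheduled-task checks from the list above, sketched as an added example that is not part of the original notice. It assumes a POSIX shell with a grep that supports -r, takes the web root as its first argument, and uses WP-CLI only if it is installed; a literal search misses obfuscated references, so an empty result does not prove the site is clean.

```shell
#!/bin/sh
# Added example: post-cleanup audit helpers for a WordPress web root.
# The two addresses are the ones named in the notice above.
C2_IPS="5.8.18.7 89.238.176.151"

# Print files and directories under $1 that any local user can write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Print files under $1 that contain one of the C2 addresses as a literal.
# -F treats the dots literally; -w stops 5.8.18.7 matching inside 15.8.18.70.
c2_references() {
    dir=$1
    set --
    for ip in $C2_IPS; do set -- "$@" -e "$ip"; done
    grep -rlFw "$@" -- "$dir" 2>/dev/null | sort
}

# Print (do not apply) firewall rules that drop traffic from and to each
# address, so they can be reviewed before being run as root.
block_rules() {
    for ip in $C2_IPS; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
        printf 'iptables -I OUTPUT -d %s -j DROP\n' "$ip"
    done
}

# Run the audit only when a web root is given, e.g.: sh audit.sh /var/www/html
if [ -n "${1:-}" ]; then
    echo "== world-writable paths =="
    world_writable "$1"
    echo "== files naming a C2 address =="
    c2_references "$1"
    echo "== firewall rules to review =="
    block_rules
    echo "== crontab of the current user =="
    crontab -l 2>/dev/null || true
    if command -v wp >/dev/null 2>&1; then
        echo "== WordPress scheduled events and administrators =="
        wp --path="$1" cron event list
        wp --path="$1" user list --role=administrator
    fi
fi
```

Run it as the web server's user and again as root, since each account has its own crontab.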

Why SEO is essential for your business

March 9th, 2016

SEO is an essential strategy for digital marketing because it allows you to build your online authority and grow your audience. You can also use SEO to build a relationship with the user.

If you’ve ever asked yourself who’s buying from me? then you’ll understand that Google will rank your website higher than a site with no reputation.

In addition to SEO, you can make your content and images relevant to the user, and you can use the right type of images for each category or brand (see it here).

I have seen this strategy used by companies like Google and Nike.

For example, Nike has a great video called The Art of Running. It has a great intro, and the video is high quality and animated. But the brand tagline is: “Get faster with Nike and running shoes.” In the tagline, the word “get” is capitalized. So if you are creating content that focuses on getting faster, the content will be ranked higher.

As a business owner, it’s important to focus on the right keywords so you can reach those customers who are searching for your product.

As you may know, Google uses natural language processing to rank your site if you use a keyword with “get” in it. But what if you don’t have a natural language processing tool? What if you don’t have a natural language processing tool to rank your site if you’re using the wrong keywords?

If you can’t get the “get” out of your keyword, you have two options. You can work on getting your keywords ranked, or you can try to find a tool that will rank for your keywords.

If you’re working on a site with a large number of pages, you might have difficulty ranking for a large number of keywords, but this doesn’t mean that you can’t rank for a couple of these keywords with a good strategy.

How to Rank for Keywords?

There are a couple of ways that you can find a tool that will rank for your keywords. First, you can enter your keywords and search engines (Google, Bing, etc.) with a specific strategy in mind. Second, you can enter a specific keyword in Google’s Keyword Planner and Google’s webmaster tools. You can also use tools that you can access through your browser. For instance, a good starting point is Google Analytics. If you want to try using more advanced analytics tools, you should definitely check out this article. Third, you can find some of these keywords through Adwords, and if they are showing up in your organic searches, it’s likely that the keywords are worth pursuing. Fourth, you can use a paid keyword tool that helps you find high-potential keywords that are worth pursuing with more precision.

Test Post

May 24th, 2015

This is a test post.

Importance of VPN

March 12th, 2015

VPN servers essentially act as your proxies on the internet. A more secure method would be to send your traffic through a VPN server, but you’ll need to pay a monthly fee for this service.

When you connect to one of these VPNs from an internet browser, you are essentially sending your traffic through an encrypted tunnel and are protected by the VPN service’s security. This is a perfect setup for internet privacy, and that’s why learning about the VPN meaning is important for your privacy.

Just like any other form of encryption, VPNs can help you to hide your Internet traffic by making it seem like it’s coming from another location or through a different country.

All the VPN services are available online, and although most use a free tier, some offer a paid VPN service with extra features. If you like to have more control over your privacy and security, we recommend that you pay a premium package for a more powerful and improved service.

Conclusion

VPNs are undoubtedly the most important tool you can use to secure your connection to the web.

While not a direct replacement for TOR, the VPN can make your connection to the Internet more anonymous and protect your online activities from prying eyes.

At the end of the day, the best VPN for internet privacy is going to be personal preference, so we recommend that you try out different services and devices that will suit your needs, both if you’re trying to go for total anonymity, and if you simply want to get a better connection to the web.

Hello world!

November 13th, 2007

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!