Spammers and malware propagators are the bane of an internet professional's existence. While most are familiar with spam and its related effects, you may not be as familiar with malware and its potential threats. Malware, quite simply, is software designed to do bad things. It can be so evil as to infect your computer, delete accounts and steal private information, or simply be designed to redirect a website visitor to another, unknown website without their permission. What the redirected website actually does with the unwitting visitor is not always clear. It may try to infect their computer, or beat them senseless and steal their wallet. More likely the redirection occurs simply to bolster visitor counts and advertising revenue for the target site.
For the last two days we have been dealing with such an intrusion on our website. Apparently late Sunday a code injection attack occurred on a third-party advertising network we use (used), and about 90 pages of our website were affected. This malware appeared to try to redirect visitors to an unrelated site. We caught it quickly, terminated the external ad feed, upgraded our advertisement management system and cleaned up any affected code. As threats go this was not the worst. Hubspot, a website grading service, will tell you that WorkersCompensation.com has 553,000 pages (I long ago lost track). So the 90 or so affected pages were a mere .0001627486437613019891500904159132% of the website.
Still, any type of threat like this is not one we can take lightly.
It is hard to fathom how often people attempt unauthorized access to servers on the web. Our servers routinely deal every day with multiple “brute force attacks”. A brute force attack is when a person, or more likely a “bot”, makes hundreds of login attempts using random usernames and passwords. This is a routine and constant activity. In the last 24 hours from this writing, just one of our 5 servers has received 2,192 unauthorized access attempts.
A light day, actually.
We have systems to monitor and block these efforts, but constantly protecting your systems from those who wish to harm them, steal from them, or use them for their ill-gotten ways grows a bit tiresome. The brute force method is apparently effective for them since the password structure many people use is relatively weak, and despite holes in software and vulnerabilities in the network, a crappy password is still the hacker's best friend. If the people behind these efforts would use their ingenuity for legitimate efforts, I suspect they could make a great deal of money. That would, however, deny them the pleasure of sucking up other people's time defending and repairing what they've built.
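One way such monitoring can work, as an added example (not the site's own tooling): count failed login attempts per source address over a 24-hour window and flag the sources that cross a block threshold. It assumes OpenSSH-style auth log lines and uses a constructed sample log.

```python
"""Count failed logins per source over a window and flag sources to block.
Constructed example; assumes OpenSSH-style 'Failed password' log lines."""
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed log format (OpenSSH), e.g.
#   Jan 14 03:12:07 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

def parse_failures(lines, year=2024):
    """Yield (timestamp, user, ip) for each failed-login line; other lines are skipped."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            # syslog lines carry no year, so one is supplied (assumed)
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def summarize(lines, now, window=timedelta(hours=24), threshold=5):
    """Return (total failures in window, {ip: count}, sorted list of ips at/over threshold)."""
    since = now - window
    per_ip = Counter()
    for ts, _user, ip in parse_failures(lines):
        if since <= ts <= now:          # only count attempts inside the window
            per_ip[ip] += 1
    over = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return sum(per_ip.values()), dict(per_ip), over

# Constructed sample: one source cycling through usernames, one stray failure,
# one failure older than the window, and one successful login that must not count.
SAMPLE_LOG = [
    "Jan 14 03:12:07 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Jan 14 03:12:09 web1 sshd[2212]: Failed password for root from 203.0.113.7 port 51236 ssh2",
    "Jan 14 03:12:11 web1 sshd[2213]: Failed password for invalid user test from 203.0.113.7 port 51238 ssh2",
    "Jan 14 03:12:13 web1 sshd[2214]: Failed password for invalid user oracle from 203.0.113.7 port 51240 ssh2",
    "Jan 14 03:12:15 web1 sshd[2215]: Failed password for invalid user guest from 203.0.113.7 port 51242 ssh2",
    "Jan 14 09:00:00 web1 sshd[2290]: Failed password for bob from 198.51.100.23 port 50000 ssh2",
    "Jan 13 08:00:00 web1 sshd[1900]: Failed password for invalid user admin from 192.0.2.99 port 40000 ssh2",
    "Jan 14 09:00:05 web1 sshd[2300]: Accepted publickey for bob from 198.51.100.23 port 50002 ssh2",
]
NOW = datetime(2024, 1, 14, 12, 0, 0)   # constructed "current time" for the window

if __name__ == "__main__":
    total, per_ip, over = summarize(SAMPLE_LOG, NOW)
    print(f"{total} failed attempts in the last 24h; per source: {per_ip}; block: {over}")
```

The real count on a busy server will be far higher than this sample, but the logic is the same: the per-source tally is what turns a pile of log lines into a block list.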
I suppose the lesson here, if there is a lesson to be found, is that nothing is invulnerable, but using good strong passwords to protect your stuff, and changing them often, is your best line of defense.
Of course, a result of such an incident is that Google, which is very good at monitoring these issues, has flagged the site as a potential malware distribution point. That means that people finding the site through Google are warned away by their service, and users of Chrome and Firefox browsers likely are receiving warnings as well. The problem has been cleared from the site – we just have to wait for Google to give us the “all clear”. That means that hopefully Chrome and Firefox users will be able to read this. Tomorrow.
Malware definitely bytes.