
Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 376 malicious pages. Your blog served up malware to 19 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message
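An added example, not part of the notice above: a small Python check that looks for the two listed addresses as clients in a web access log and prints Apache 2.4 `.htaccess` rules to deny them. The log format (combined) and the sample lines are assumptions constructed for illustration; addresses are compared as parsed IPs because a plain text search for `5.8.18.7` would also match `15.8.18.70`.

```python
import ipaddress
import re

# The two addresses named in the notice above.
C2_ADDRESSES = ("5.8.18.7", "89.238.176.151")

# Assumption: "combined" access-log format, client address as the first field.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

# Constructed sample lines (not taken from any real server).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2022:10:00:01 +0000] "GET / HTTP/1.1" 200 5123
5.8.18.7 - - [01/Mar/2022:10:00:05 +0000] "POST /index.php HTTP/1.1" 200 312
15.8.18.70 - - [01/Mar/2022:10:00:09 +0000] "GET /about/ HTTP/1.1" 200 2210
89.238.176.151 - - [01/Mar/2022:10:02:41 +0000] "POST /index.php HTTP/1.1" 200 298
not-an-ip - - [01/Mar/2022:10:03:00 +0000] "GET / HTTP/1.1" 400 0
"""


def find_c2_hits(log_text, addresses=C2_ADDRESSES):
    """Return (ip, timestamp, request, status) for each request from a listed address."""
    watched = {ipaddress.ip_address(a) for a in addresses}
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # line is not in the assumed format
        try:
            client = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # first field is a hostname or garbage, not an address
        if client in watched:
            hits.append((str(client), m.group("ts"), m.group("req"), int(m.group("status"))))
    return hits


def htaccess_block(addresses=C2_ADDRESSES):
    """Build Apache 2.4 authorization rules that deny the listed addresses."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ipaddress.ip_address(a)}" for a in addresses]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(hit)
    print(htaccess_block())
```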

Cake

Big V said “Love you one. Love you two. Love you infinity. Love you Pi!” And Little V said “Love you cake!”

Little V said “Mom, you are not fat and not young.”

Lots of Babies

Little V puts her teddy bear under her shirt and says “Look Dad, I’m having a baby!” I say, is it going to be a boy baby or girl baby. Little V says it’s going to be a girl baby. I ask what if it’s a boy baby? Little V says, I will give the baby girl clothes!

I ask “How many babies will you have?” Little V says she will have two babies. I ask “Two boys, two girls, or a boy and a girl?” Little V says, “I will have two boys AND two girls! Mommy can take care of one, you can take care of one, brother can take care of one, and I will take care of one”

Coronavirus

We have been hunkering down for about three to four weeks now. It’s been tough to work at home and at the same time give you children all the love and attention you deserve.

We had a nice but little birthday party for little V. A tent and playdoh and gym mat and hand held fans and bubble toys.

Hopefully, we will get through this soon and our family can travel and you both can be in school~~

What a year 2019

My children, what an amazing year we’ve had. If you think about all the things we did and the different ways you’ve grown, it’s so exciting.

Big V – started in the Gifted program at school. You’ve gone to school with kids much older than yourself. You must have read 200 books this year on everything from Greek Gods to Wimpy Kid to Anne Frank. You completed all 104 addition flash cards in less than 5 minutes. You learned a number of great songs. You drew so many beautiful pictures. You learned to play Black Jack and Crazy 8s. You traveled to Los Angeles and Monument Valley and Great Wolf Lodge and the Grand Canyon. You learned Chess and played in 6 tournaments and won two trophies! This last one meant a lot. I remember you had not done well the previous tournament and games and were down. Then you roared back and got 2.5 points to win 5th place. It was a huge achievement. You were in a play at school and made friends with other kids.

And Little V – learned her ABCs and can count to 20! She knows how to spell her name and the word BIG. She has read at least 50 to 100 books with Daddy and Brother. She can brush her teeth by herself and doesn’t need diapers during the day. You learned to potty on your own. You can speak in multi word sentences and discuss your own thoughts. Also you like to tell jokes, dance, play doctor, play cards and chess like brother and are a very gentle loving soul.

Looking forward to 2020!

Learning

This fall we spent a lot of time learning chess. We went to classes, camps, private lessons and tournaments. We won some games and lost some games. You even got a trophy! But we also had to learn how to work through losing. Little V has been learning Chess too! She learned all the names of the pieces, how to set them up, how they move. She just needs to learn how to checkmate. Little V has learned her ABCs and numbers 1 – 20. Now we are working on learning to read and addition. Counting with our fingers or paper clips. Big V got a certificate for getting 100% on his mid year math test at school. He was the only one to get all the questions right!

Unicorn and Spider-Man

Your new pajamas are so cute! Little V is a unicorn and showing me how she looks. Big V is Spider-Man!

Big V won a trophy in a chess tournament last week. He was so happy he would take the trophy with him wherever we went in the car.

Little V was trying to show me how she would solve a chess puzzle like her big brother.

I love it!

Happy Days

It’s so wonderful to see my children growing up. It’s a joy every day. There is nothing better for me than coming home to be with my wife and kids. I know there are battles and challenges but I am happy now!

I love to give you both eye massages. It helps you go to sleep and a chance to put lotion on your dry skin.

Recently we’ve enjoyed some great trips! Natural Bridge, the North Rim, staying at the cabin, it’s been a lot of fun. I love the walk we took across the wide open space.

I am so excited and proud to see you learn. Both of you are reading every day and learning new and exciting things. Your confidence is growing.

It’s fun when we play games like Chess, Othello, Crazy 8s. It’s one of the fun things our family does. That reminds me, I need to enroll you in the tournaments!