I post at SearchCommander.com now, and this post was published 14 years 6 months 7 days ago. This industry changes FAST, so blindly following the advice here *may not* be a good idea! If you're at all unsure, feel free to hit me up on Twitter and ask.
This has been the most technologically devastating week of my life, and I consider myself extremely fortunate. Why “fortunate”? Because I had good backups and only lost two days of my life, instead of suffering permanent damage.
After two days of “fixing”, things are pretty much back to normal, but the time lost over the past three weeks for me, for two others on my team, and for several server admins and web developers is simply astounding. I suppose “wiped out” is a gross exaggeration, but it felt like it, and it could have been a catastrophe without great backups.
Computer Problems Are Not New To Me
Ever since putting my fingers on the keys of a Radio Shack TRS-80, I’ve come across nearly every problem imaginable, from power outages causing data loss, to all of the Windows insanity we’ve experienced in versions 3.x, 95, 98, ME, 2000, XP, Vista and Windows 7.
I’ve had viruses, hardware failures and plenty of human errors, but by the end of around 2002, after five years of doing computer service and networking for a living, I had learned enough about my fragile existence to implement some very efficient and workable backup systems.
After 2002, when I began focusing on Internet marketing and web hosting, and working almost exclusively online, I also had my share of trials and tribulations, and instead of managing just a few websites, we began dealing with dozens, then hundreds, and then thousands.
I think it’s safe to say that it’s been 7 or 8 years since I’ve actually had an active virus or serious problem like this on any computer (other than my kids, who will download anything!).
But I Got Pwned
For those that aren’t aware, there is an annual contest called Pwn2Own that goes on every year. This year’s contest was held on March 24th, and the “winners” were announced on March 26th, 2010.
Someone in that contest discovered a security hole that allowed script injection through Internet Explorer 8. This meant that simply by visiting a webpage, the user could have their computer used for nearly anything the hacker desired.
The versatility of this injection has no bounds, and here’s a video of the harmless launching of the Windows calculator that was initiated simply by visiting a webpage.
Using this particular exploit, these cybervandals can deliver ANY virus or trojan that they want, which can make your computer do anything at all.
From wiping your files, to installing a keylogger, or even turning your computer into a zombie spam machine, there’s pretty much nothing they can’t do. Nothing.
Who’s Responsible?
Microsoft knew about this hole the very day it was announced, and presumably began working on a fix, but it took nearly 6 weeks, and they didn’t patch it until June 8th, a FULL 6 WEEKS after it was made public. (By contrast, Firefox was patched in 8 days, and Safari was done in 14 days.)
Hackers are able to mobilize a lot faster than Microsoft, and on approximately May 25th, using this particular exploit, I was infected with a brand new virus by visiting a web page in IE 8.
I’m not going to link to the virus, or mention the name, because there are dozens of variations now and it would be pointless, but as a result of that first trojan, here’s what slowly and insidiously happened to me over the course of the past three weeks:
- Stole FTP usernames and passwords
- Spread over network computers
- Stole a credit card number and charged it
- Turned a machine into a spam zombie
- Added my email address to dozens of mailing lists, maybe hundreds
- Got my personal IP address blacklisted on three spam lists
- Over 40 websites on various servers were hacked
It wasn’t until this past Friday, when the hacked pages started returning AGAIN to certain websites where I KNEW the FTP access had been changed, that I realized I had a much bigger problem: there was an active keylogger on my main machine. Aaggghhh!
What’s a Keylogger?
As the name implies, a keylogger logs your keystrokes and sends them back to the mother ship where sophisticated software algorithms (or vodka swilling jackasses) determine whether they’re credit cards, usernames, passwords or whatever else, then puts them to good evil use.
Throughout the ordeal, multiple other viruses and trojans were added to our systems, and although they were usually caught immediately, the undetected root problem of an open “back door” remained, and there was nothing I could do to get rid of it without formatting and reinstalling.
Before you criticize me for not using what YOU consider to be the “best products” for protection, I’m going to point out that not only did I get it, but so did 7 people I know personally, including two who work for me. Each of those 7 people had what they felt was completely “updated and effective protection”.
What’s the moral of the story?
Besides the obvious, which is to use good real-time protection, keep it updated, and keep good backups, my only solution is to plan my vacation for the first week of April each year, right after the Pwn2Own winners are announced.
Seriously, short of not using a computer, there’s NOTHING you can do to protect yourself, so keep your systems cleaned and scanned, and on a regular basis, when you KNOW your system is clean, change your FTP passwords to something highly secure, and keep them on PAPER, not in a file on your computer or saved in your FTP software. Being lazy (like I was) can cost you hours upon hours of work.
Either that or… use Macs?