Over the last couple of weeks, many WordPress websites hosted at Network Solutions were attacked with malicious code. Now, it's happening again. But... it's not just affecting sites running WordPress, it's also infecting Joomla and HTML sites too.
According to stopmalvertising.com, this malicious code contains an iframe pointing to corpadsinc[dot]com. It also sets a cookie that prevents analysis of these infected websites. Visitors are being hit with the ActiveX_pack before the usual Adobe PDF exploits (CVE-2008-2992, CVE-2009-0927 and CVE-2009-4324) are delivered.
Shashi Bellamkonda, at the Network Solutions blog, wrote a post entitled, "We feel your pain and are working hard to fix this." He apologized and said that it might not be isolated to "file permissions." They are working round the clock to fight this new internet threat and investigating the cause.
Not knowing the cause of this virus makes webmasters very nervous and I don't blame you. Hopefully they will get the answers soon so you can sleep better at night.
But there are some things you can do to protect yourself now...
- For help removing the errant code from your website, contact the Customer Support Team at Network Solutions. If they can't help you, feel free to contact us. We can get your site cleaned (any site... WordPress, Joomla, HTML, etc.) for only $89.
- Change your passwords now as an extra safety measure, including your database, FTP, and hosting account. Here's a great strong password generator. Use a minimum of 14 characters (I use 18) with a combination of upper and lowercase letters, numbers and symbols. Make it so hard that you can't remember it and as ugly as possible.
- Always upload your files via SFTP or FTPES, so that your login and files are encrypted in transit instead of being sent as plain text. Do this for everything you upload! If you don't know how, just ask us.
- If you're running WordPress, open up your wp-config.php file and change your database password to your new one (located around line 25). If you miss this step, your site won't work, since you changed it in Step 2.
- While your wp-config.php file is still open, change your Authentication Unique Keys (located around line 41). All you do is go to https://api.wordpress.org/secret-key/1.1/ and it will generate these new secret keys for you. Then copy and paste them inside the wp-config.php, save and re-upload it to your server.
- Update your anti-virus program on your computer, including all the latest virus definitions. If you don't scan your computer for viruses, STOP READING THIS POST RIGHT NOW and go do it! If you don't own an anti-virus program or can't afford to buy one, use AVG Anti-Virus Free Edition. If you want AVG's maximum protection, then click *here. Once you know your computer is virus-free, then you can come back and read the rest of this post.
- Once your site is fixed and you've done all the steps above, it's time to put a lock on your WordPress site. Read about our WordPress Security Services here. It's our specialty.
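To find which files carry the kind of injected iframe described above, before and after cleanup, you can run a check like this against a local copy of your site. It is an added example, not code from this blog, Network Solutions or Sucuri; the allowlist, the function names and the sample page are assumptions, and the host in the sample is a placeholder.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site embeds on purpose. Edit for your own site.
ALLOWED_HOSTS = {"www.youtube.com", "player.vimeo.com"}

class IframeFinder(HTMLParser):
    """Records iframes whose src points at a host outside the allowlist."""
    def __init__(self, allowed):
        super().__init__()
        self.allowed = allowed
        self.findings = []  # (line, host, hidden)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip().lower() for k, v in attrs}
        try:
            host = urlparse(a.get("src", "")).hostname
        except ValueError:
            host = "<unparseable src>"  # malformed URL: flag it rather than crash
        if host is None or host in self.allowed:
            return  # no host (same-site src) or an expected embed
        style = a.get("style", "").replace(" ", "")
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or a.get("width") in ("0", "1") or a.get("height") in ("0", "1"))
        self.findings.append((self.getpos()[0], host, hidden))

def scan_text(text, allowed=ALLOWED_HOSTS):
    finder = IframeFinder(allowed)
    finder.feed(text)
    return finder.findings

def scan_tree(root, allowed=ALLOWED_HOSTS):
    """Walk a local copy of the site; return {path: findings} for flagged files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".php", ".html", ".htm")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    report[path] = scan_text(fh.read(), allowed)
    return {p: hits for p, hits in report.items() if hits}

# Constructed sample page (not from the real attack); the last host is a placeholder.
SAMPLE = """<html><body>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
<iframe src="/widgets/calendar.html"></iframe>
<iframe src="http://injected.example.net/in.php" width="1" height="1"></iframe>
</body></html>"""
```

Call `scan_tree()` on the folder holding your downloaded site files and review every file it reports. The check only sees iframes written as literal markup, so a clean result does not rule out code that builds the iframe from a script.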
One of our security sponsors, David Dede, of Sucuri Security, wrote up a great blog post with some analysis and screen shots of the malicious code from this hacker attack. You can read it here.
Please share your story with us and/or let us know what behaviors you've seen with this virus, so we can spread awareness with others experiencing this. Just leave a comment below.
*Denotes our affiliate link, see our Disclosure.