
I just got news that the Texas Rainmaker blog has been hacked. I’ve linked up to him here in the past, but I won’t in this post, because the site has an embedded virus. Jason’s asked that people not visit his site until he’s given the all clear – I’m sure he’ll send an email when it’s safe to go back.
Can someone explain to me what an embedded virus does to the computer of someone who visits a site with an embedded virus? I did visit Jason’s site and noticed what happened (didn’t click on anything), so I hope my computer doesn’t have any type of virus.
Update: Jason’s site is now back up and running. Yay!
It is embedded in the code on the web site. When someone visits it, it downloads automatically to the visiting computer. If you have a good anti-virus and firewall, it should catch it and not really do harm. I would run a virus scan with your anti-virus just to be on the safe side.
ST, how that works is that when you load a page into RAM, that is where the virus can literally be written, either as a hard file to the hard drive or as a literal file to the hard drive. A hard file is one that is encoded directly to the hard drive but doesn’t show up as a file. It is all in code, like what the FAT table looks like. FAT stands for File Allocation Table, which is a code on your hard drive. That takes a lot of brilliant coding to do, and the other is the literal file, which looks just like any other kind of file but may be set with the hidden and system attributes so that you wouldn’t see it, sort of how MSDOS.SYS and the other file system files do not appear in a normal directory listing. Writing a literal file to the hard drive doesn’t require as much brilliance, but it can be just as severe.
A multitude of viruses can be triggered to do severe damage to the hardware of the system, i.e. like the one back in the early 90’s that was called Disk-Killer, which literally dragged the hard drive heads across the platters of the hard drive, to nothing more than a hindrance or nuisance.
Most of the time viruses can be delivered by going to a site because your system first puts all contents of that site into “RAM” and from there it can do what it was programmed to do. I had a friend of mine who had an older computer system he used to run viruses on just to see what they did to the computer, so I learned a lot about how viruses can affect a computer from him. Most annoyance-type viruses can do what is called multiply, meaning that either you will get copies of that virus file all over your hard drive, or it can be programmed to be sent out to all your friends via email by watching for outgoing MIME/SMTP transmissions, and it will attach itself by encoding directly in your email message to all the ones in your mail box.
The word embedded, all that means is that the raw code of the virus is embedded in the code of the site. For example, take and view an email in its raw format with either Notepad or another text editor and you will see all kinds of strings of code in there; that is called MIME encoding. Now there is encoding in HTML, XML and all the rest of the basic HTML format.
Also, the embedding of the virus code does not have to follow the order of the HTML; for example, it can be out of order: you might find the end of it towards the beginning of the HTML and the rest of it somewhere in the middle.
Trust me, better not go to the site, to be safe.
Thanks for the info, guys.
ST, Stix is basically correct, meaning that if it’s an older virus, the anti-virus program might catch it; however, if it’s a fresh, newly written virus, the anti-virus program will not stop it, in which case those who write anti-virus programs will have to see the strain of that virus first in order to combat it, to write code to destroy it or keep it from launching its nastiness on everyone else.
Still, the best bet is not to go near his site and let him deal with it; he will write you, I’m sure, when he gets it fixed.
ST
Just be careful and warn as many as possible not to go to his site until he has given you the go ahead.
No worries, Phil – I’m steering clear.
Hey ST, that is good news that Jason’s site is back up and running. It probably wasn’t too bad. You know, you and the other bloggers should always keep your information backed up on your own hard drives in case of a situation like that, so that you can restore it easily.
Thanks, ST, for posting the warning. The site is back up (with my response to those who did it). It was very amateur and unfortunately, very preventable.
For those using Wordpress, here’s the issue (and the fix): It appears that my wp-config.php file was overwritten by the script hackers. It appears that the permissions set on the wp-config.php file were set to “chmod 666”, which makes that file writeable. PHP files should be set to “chmod 644” so that they are not writeable by the public.
Again, thanks for posting the warning as I couldn’t reach out to visitors while the site was down.
Well, it’s back up and clean as a whistle.
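The permission problem Jason describes (a world-writable wp-config.php) is easy to audit for across a whole install. The script below is an added example, not code from the original post or from Jason’s site: it lists every regular file under a webroot that has the world-writable bit set, tightens the tree to 644 for files and 755 for directories, and reports a file’s octal mode so the fix can be verified. The webroot path is an assumed argument; the script also assumes the PHP process does not need write access to .php files.

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress tree for
# world-writable files, the condition that let wp-config.php be overwritten.
# Assumption: the webroot is passed as the first argument (hypothetical path);
# the web server does not need to write to PHP files.

# Print every regular file under $1 whose "other" write bit is set.
# -perm -0002 matches any mode that includes the world-writable bit.
find_world_writable() {
    find "$1" -type f -perm -0002
}

# Tighten the tree: 755 for directories (rwxr-xr-x), 644 for files (rw-r--r--),
# the values Jason's comment gives for PHP files.
harden_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Report the octal permission bits of one file, e.g. "644".
# GNU stat uses -c '%a'; BSD/macOS stat uses -f '%Lp'.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Stand-alone usage against a constructed tree, e.g.:
#   webroot=/var/www/html          # assumed path
#   find_world_writable "$webroot" # review the list first
#   harden_tree "$webroot"
#   mode_of "$webroot/wp-config.php"
```

Run find_world_writable first and review the list before calling harden_tree, since upload and cache directories that WordPress itself writes to must stay writable by the owning account (755 is still fine when the PHP process is the owner). Because wp-config.php holds the database credentials, setting it to 600, or 640 when the web server runs under a shared group, is a stricter choice than 644 that still lets the owning PHP process read it.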
Jason, yes, I would say what they did was child’s play compared to professional hackers. I know all about the chmod command. It’s a Unix version of DOS’s old ATTRIB command. In DOS the command to do that would have been ATTRIB +R wp-config.php, which sets the file to read-only and does not allow it to be written to; in Unix there are combinations where, like you said, it can be allowed to be written to by system administrators but not by users.
Anyone with a third grade level knowledge of how system files are set could have done that.
Hi ST
Would you mind removing the comment by the link below.
http://sistertoldjah.com/archives/2006/11/21/the-texas-rainmaker-site-has-been-hacked/#comment-596683
Thanks ST