Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 291 malicious pages. Your blog served up malware to 19 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html
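
A read-only audit for two items on the checklist above (the command-and-control addresses and file permissions), added here as an example and not part of the original notice. The extension list and the `audit_tree` and `demo` names are assumptions, and the sample tree in `demo` is constructed.

```python
import os
import re
import stat
import tempfile

# Command-and-control addresses quoted in the notice above.
C2_IPS = ("5.8.18.7", "89.238.176.151")
# Match whole dotted quads only, so 15.8.18.70 is not reported as a hit.
C2_RE = re.compile(
    rb"(?<![0-9.])(?:" + "|".join(map(re.escape, C2_IPS)).encode() + rb")(?!\.?[0-9])"
)
TEXT_EXT = (".php", ".js", ".htaccess", ".html")  # assumption: files worth scanning

def audit_tree(root):
    """Return relative paths that reference a C2 address or are world-writable."""
    findings = {"c2_refs": [], "world_writable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                mode = os.lstat(path).st_mode
                if not stat.S_ISREG(mode):
                    continue  # skip symlinks, sockets, devices
                if mode & stat.S_IWOTH:
                    findings["world_writable"].append(rel)
                if name.endswith(TEXT_EXT):
                    with open(path, "rb") as fh:
                        if C2_RE.search(fh.read()):
                            findings["c2_refs"].append(rel)
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
    return {k: sorted(v) for k, v in findings.items()}

def demo():
    """Run the audit over a constructed three-file tree (not real site data)."""
    samples = {  # relative path: (content, mode)
        "wp-content/themes/x/functions.php": (b"<?php $h = '89.238.176.151';", 0o644),
        "wp-includes/version.php": (b"<?php // 15.8.18.70 is unrelated", 0o644),
        "wp-content/uploads/notes.txt": (b"hello", 0o666),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (content, mode) in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
        return audit_tree(root)
```

An address stored encoded or obfuscated will not match, so an empty `c2_refs` list is not proof of a clean site.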


Camera Axe Motor Sensor Contest

With this competition I’m focusing community attention on getting better motor controller support into the Camera Axe 5 sooner, while rewarding the winner with some free hardware. I now have a working Camera Axe motor sensor prototype and I’m looking for help making it more useful for photographers. Why would you want to connect one or two motors to the Camera Axe? Well, this would let you control a pan/tilt head and automate taking very high resolution panoramas, or you could put your camera on a rail and take very cool time-lapse photos. Those are just two ideas out of a very very flexible tool.

The person who gives what I judge to be the most helpful contribution related to the Camera Axe motor sensor will win two motor sensors with motors from the Camera Axe store when they are released, or $100 credit to buy whatever you want on the store.

Here are some examples of what I’d consider a helpful contribution:

  • Mechanical designs for pan/tilt head to be controlled by motors or a rail system
  • Help finding individuals or companies willing to make these mechanical systems for our store
  • Ideas for new uses of the motor sensor
  • Help writing the Camera Axe software or laying out motor sensor menus

Those are just a few ideas to get you thinking so don’t let that limit your thinking. One limitation is the current design only allows one motor per sensor port on the Camera Axe so at most you can have 2 motors.

To register your idea for a chance to win put it (or link if you want to host the contribution on a different site) on one of these four places (there is no advantage to posting to more than one so please don’t):

Here is a link to the Eagle files for the Motor Sensor and here is the Camera Axe software with the code I used to test the motor sensor.

The end of this competition is September 15th 2011.


Camera Axe 5 Shield

This is the first Camera Axe shield, but it leverages the lessons learned from the previous four generations of Camera Axe hardware. The word “shield” describes a board that plugs into the Arduino board. Arduino is a popular and easy to use open-source electronics prototyping platform used by artists, designers, and hobbyists.

The standard Camera Axe 5, which will be released in the next few months, will have a lot of difficult to solder surface mount components. Because making a kit of the standard Camera Axe 5 wouldn’t be possible I started looking for different ways of doing a kit version. I decided to go with this Arduino shield idea. Some of the reasons are:

  • There are hundreds of thousands of people who have Arduino boards. In fact many people who got earlier versions of the Camera Axe mentioned that they already owned an Arduino board. Expanding the functionality of hardware people already own is something that appeals to me.
  • Since the very first version of the Camera Axe I’ve been using the open source Arduino software. I’m pretty sure this shield will cause a few more Arduino boards to be sold and I’m happy to send the Arduino people that business. It is true people can use the various Arduino clones out there and that’s cool too.
  • This design makes the Camera Axe shield less expensive and easier to assemble.

Both versions of the Camera Axe 5 will use 100% the same software and will both have the same capabilities. Because this design is focused at the DIY and maker communities I decided to not include a fancy case that previous iterations have had. I think this is fine for most of these people since many of them are mostly concerned about functionality and cost.

Here are some improvements this design has over the Camera Axe 4:

  • Lower cost than the Camera Axe 4 kit.
  • Sensor ports can now have two data lines per port. This will be required by some future sensor designs. This was done while keeping backwards compatibility with all the existing Camera Axe sensors.
  • Adding input/output protection on the sensor ports.
  • Easier to load programs since you can use a standard USB cable to reprogram the Arduino boards.
  • The trigger LEDs are now multi-color LEDs so you can see the difference between triggering the shutter, focus, or both.
  • New timing crystal gives much more accurate and precise timing.

Useful links:

As always here are the schematics and Eagle PCB files. The bill of materials can be found in the build guide linked to above.


Motor Sensor

I’m working on a new stepper motor controller sensor for the Camera Axe. As you can see I’ve decided to go for a really full featured stepper controller and put controls for 3 stepper motors and a microcontroller on the sensor. The Camera Axe will talk to this board via the I2C protocol. This was the best way I could figure out to control more than 2 stepper motors with the Camera Axe, and even if you only need two stepper motors (three is really nice for some use cases) this design has advantages. Some of those are being able to power off the stepper motors to save power, and using less program space/CPU cycles in the Camera Axe’s main controller. The only disadvantage is a slightly more expensive sensor board.

There are a lot of use cases such as:

  • Panoramic and/or rail timelapse
  • Gigapixel images
  • Interfacing with a microscope to do focus stacking and micro-gigapixel type images
  • Focus stacking and gigapixel type images for macro images
  • Lots more

The biggest unknown I have about this board is if I really need a separate 5V power source instead of taking it from the batteries powering the motors. I have some experience of this sort of setup (same power source) working fine, but I have read that sometimes it can lead to flakiness. I wonder if that’s true or if people didn’t put enough filter caps in their design.

If anyone wants to help with the mechanical designs for some of these use cases let me know.

Comments about the design or the use cases are always welcome.


MultiFlash device

Based on the feedback from this poll it looks like a multi-flash add on for the Camera Axe and a timelapse panoramic sensor are top on this list. The timelapse panoramic sensor is more work and I’m working on it, but the multi-flash device is easier so I’m doing that first.

My current plan is to make this run on 3 AA batteries, and have it plug into one of the Camera/Flash ports on the Camera Axe. It will control up to 4 flashes. For those who need more than 4 flashes these can be daisy chained together to support even more flashes. If anyone has ideas on how to make this better, let me know.

Here is the current circuit. I plan to finalize the design during the next few days. If anyone has suggestions on how to make it better let me know.
