I'm a freelance writer

based in Washington, D.C., but I travel wherever the story takes me.

I write about …

Travel

from a shrinking globe …

Food

from around the planet …

Environment

and the natural world …

News

and politics …

Reach out to me.

david@davidmfrey.com

970.618.8438

Contact

My latest ...

Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 63 malicious pages. Your blogged served up malware to 49 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
  • Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
    and Wordfence Security, all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerly,

The Internet Janitor

Below are some links to research/further explaination on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

Nobody’s Dying Today

BETHESDA MAGAZINE

If she hadn’t driven her friend home that night, Katelyn Losquadro sometimes thinks, or sat in her car for 10 minutes thumbing through her cellphone, everything might have been different. Matt Gault might be dead, and she probably would still be trying to string together enough money to get through nursing school.

Two lives changed that night, Losquadro tells herself.

Read the full story in Bethesda Magazine

Lessons on the Truth

BETHESDA MAGAZINE

Years before presidential tweet storms or Macedonian internet rumor mongers, Pulitzer Prize-winning journalist Alan Miller saw a need to help kids navigate the tsunami of information on their computer screens. His News Literacy Project helps young people across the country and around the world distinguish truth from fiction. “We were the antidote to fake news long before anybody coined that term,” he says. read more…

Taking the Wheel

CATAPULT

R.M.F. 6 – 22 – 46

Read the essay on Catapult.

Out of Hand

THE WILDLIFE SOCIETY

A wave of deadly diseases is wiping out wildlife in the U.S. and around the world. These fungal diseases have decimated bats, frogs, salamanders and snakes, hitting some endangered and threatened species particularly hard. So far, there’s little to suspect the worst is over. read more…

The Outlier

BETHESDA MAGAZINE

Defying polls and pundits, American University professor Allan Lichtman called the election for Trump. This was one time he wished he was wrong. This was no gut feeling. His prediction is based on a system he calls the Keys to the White House. And it’s (almost) never been wrong.

Read the full story in Bethesda Magazine.

Mending Broken Hearts

BETHESDA MAGAZINE

Every year, more than 35,000 babies in the United States are born with congenital heart defects. For Keely O’Brien, surgery at just 10 weeks old saved her life. A generation ago, her condition might have been fatal, but medical advances have doctors performing life-saving surgeries earlier and earlier in their patients lives.

Read the full story in Bethesda Magazine.


Let me hear from you.

David Frey freelance writerdavid@davidmfrey.com

301.466.0544

Contact Me