Hacked Blog and Hidden Links - Warning Email Sent by Google

May 11, 2008

Stumble it!

Enter your email address & Get Updates:

Who remember a post that I did about strange rss? Now if you see and search with the keyword “googlelady” you will see behind the title a note “This site may harm your computer”. Why is that? This is a new worm/spyware/trojan/virus that is spreading around the net and I call that virus a Social Networking Virus.

Before I start to explain this remember the rumor that I posted few days ago that Google will de-index all wordpress blogs? In a way is happening and you will know why.

I received a warning email from Google in one of my email accounts with this domain (they usually send email to the following usernames:

* abuse@yourdomain.com
* admin@yourdomain.com
* administrator@yourdomain.com
* contact@yourdomain.com
* info@yourdomain.com
* postmaster@yourdomain.com
* support@yourdomain.com
* webmaster@yourdomain.com

If you have one of those usernames in your email and you have this worm you will be contacted by Google as well. Googlelady.com have been hitted by this worm and I have been working in this issue for 10 hours straight and finally fixed.

Two reasons why your Blog is Hacked

• 1. The reason is because Googlelady.com was upgraded to the latest wordpress version 2 weeks ago, and it seems that old version of wordpress have a backdoor that a “cracker” or “Script Kiddie” (Not Hacker, because hackers don’t harm) can install a code/worm in your blog. It is an iframe that is installed in header or in the footer of your blog.
• 2. I never have seen a “smart” virus like this before but if your blog is upgraded with the latest wordpress version Watch out your computer, if you have this worm installed (you got them from other blogs that have been hacked) and you own a blog, then your blog is also infected. How is the process? When you are login as an administrator in your blog then the virus will sign out from your blog automatically and then the same virus automatically install the virus/worm in your blog.

Googlelady had both issue, the blog was infected because old version and after I upgraded to the new wordpress version I didn’t scanned my computer for viruses (even didn’t bothered to have an updated virus in one of my laptops) so then I got the virus installed in my blog from my computer. This is really a wise virus!

What do you think the effects of this virus? Googlelady have been dropped from major keywords that I was ranking at the top but the only keyword that I am not dropped is with “Googlelady” (Till now). So now tell me that You don’t believe that Google will de-index and remove all wordpress blogs from their search engines (In this case just Infected Wordpress Blogs. In a way the rumor was true ).

The Solution

• Step 1: Download Spybot Search & Destroy which is a spyware/malware scanner. Install it and upgrade (before you scan) it. Then scan your computer with Spybot search & Destroy
• Step 2: Download a good antivirus. If you want my opinion I ordered an excellent (and the best) antivirus Kaspersky. Install your antivirus and update it for the latest antivirus definition. Then Run it in all your computer files
• Step 3: After you have cleaned your computer with both software that i mentioned now is time to clean your blog. Check your header.php, footer.php & index.php. If you don’t find anything is because your blog have been infected through your computer and this is the worst part. You now have to check each new post that you already published and see if you see any wired code (iframe or any unknown link) remove them in each post that you find and save it. If you want to make something better. Backup your Blog files, save your wp-config.php file and delete all your blog files (including the themes). Then upload the new version and upload your old wp-config.php and then upgrade it. Now you have a new fresh blog with the content. If you delete the blog files you are not deleting the posts there.
• Step 4: Now that you are sure that your computer and blog are clean and save go to your Google webmaster tool, if you don’t have one create going to google.com and “my account” at the top of this page, then go to webmaster tools and register your blog under that account (there is a step by step process) then send them a message explaining what you did and you have been cleaned all the mess. Then go to Stop BadWare then make a search if your site is there. If you find your site there click on “request for review” and explain them as well the situation.
• Step 5: WAIT for both parties answers.

Possible Virus Name

- Trojan program Trojan.Win32.Tiny.e
- Trojan program Trojan.Win32.Tiny.e
- virus IM-Worm.Win32.Sohanad.bm

If you really want to help your readers and bloggers to prevent this issue spread the word and let them know about this article.

Want One of the Cheapest and Affordable Hosting?

What Next?

 Subscribe To GoogleLady

 Digg It

 Save This Page

 Sphinn It

 Stumble it!

 Favorite This Post

 

Get Updates In Your Email

Posted in Webmasters