By Lenny Roberts
The Ojai Valley News staff and online readers were shocked and concerned between Thursday and Saturday when logging on to the newspaper's website. Depending on their operating system, readers saw either a blank page or the warning of a possible Trojan horse virus, specifically scareware known as “Blacole Exploit Kit.”
Mitec Solutions spent much of the weekend analyzing each of the thousands of files required to publish the Ojai Valley News online edition. According to Mitec webmaster Justin Torres, “The Trojan targets computers with outdated, unpatched versions of Java. Windows users, in particular, need to make sure they are always running their security updates. Adobe Flash, Adobe PDF Reader and Java, which are responsible for the majority of security exploits, should be updated on a regular basis.”
Torres provided a link to a free program (patchmypc.net/download.html) that will go through most common pieces of software on Windows-based computers and ensure they are up to date.
According to Mitec, the attack occurred Thursday at approximately 4 p.m., when the server hosting the OVN's files was displaying error messages and foreign computer code, written as sophisticated machine code, had been injected into the websites. “It was apparent by Friday morning that a virus had infected the server. Mitec quickly began working on isolating the infected webpages, which numbered in the dozens, repaired the infected code, and put the server in 'read only' mode so the virus could no longer spread,” Torres said.
“The website was patched Saturday morning after tirelessly working on it through the night and into Saturday morning.” The OVN is hosted on a Linux server running Rootkit Hunter security software, but the security software did not detect a breach. “Any computer that accessed the website and was using an outdated, unpatched version of Java was potentially at risk and should be patched immediately,” Torres warned. “This particular virus only targeted Windows computers. However, it is equally important for Apple users to ensure they are running the latest version of the above-mentioned software. Likewise, if Apple users are running Mac OS 10.4.11 or earlier, they are also going to be susceptible to vulnerabilities in their older browser software.”
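The triage Torres describes, finding the dozens of pages that had code injected into them and removing it, is the kind of job a site operator can script. The following is an added example, not Mitec's tooling or anything from the incident itself: it walks a web root, flags HTML/PHP files containing the two injection patterns exploit-kit redirectors commonly use (a hidden zero-size iframe and an inline script that evals decoded text), and can strip the flagged spans back out. The heuristics, the sample pages and the `landing.example.invalid` host are all constructed for illustration; a real cleanup would still diff each page against a known-good copy from version control or backup.

```python
"""Scan a web root for injected hidden iframes and obfuscated inline scripts.

Added example for illustration; the patterns below are generic heuristics
chosen by the author of this example, not signatures from the incident.
"""
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Dict, List

# An <iframe> that is zero-sized or hidden by style: legitimate pages rarely
# embed one, injected redirectors almost always do.
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*?(?:width\s*=\s*[\"']?0(?!\d)|height\s*=\s*[\"']?0(?!\d)"
    r"|display\s*:\s*none|visibility\s*:\s*hidden)[^>]*>.*?</iframe\s*>",
    re.IGNORECASE | re.DOTALL,
)
# Any inline <script> block; its body is inspected with the two tests below.
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(?P<body>.*?)</script\s*>",
                          re.IGNORECASE | re.DOTALL)
# eval()/document.write() fed by a decoder call, e.g. eval(unescape(...)).
DECODER = re.compile(
    r"(?:eval|document\.write)\s*\(\s*(?:unescape|String\.fromCharCode|atob)\s*\(",
    re.IGNORECASE)
# A long run of %XX or \xXX escapes: hand-written site scripts do not look like this.
ESCAPE_RUN = re.compile(r"(?:%[0-9a-f]{2}|\\x[0-9a-f]{2}){20,}", re.IGNORECASE)


@dataclass
class Finding:
    kind: str      # "hidden-iframe" or "obfuscated-script"
    start: int     # character offsets of the flagged span in the page text
    end: int
    snippet: str   # first 80 characters, for the report


def scan_html(text: str) -> List[Finding]:
    """Return the suspicious spans in one page, ordered by position."""
    findings = []
    for m in HIDDEN_IFRAME.finditer(text):
        findings.append(Finding("hidden-iframe", m.start(), m.end(), m.group(0)[:80]))
    for m in SCRIPT_BLOCK.finditer(text):
        body = m.group("body")
        if DECODER.search(body) or ESCAPE_RUN.search(body):
            findings.append(Finding("obfuscated-script", m.start(), m.end(), m.group(0)[:80]))
    findings.sort(key=lambda f: f.start)
    return findings


def strip_findings(text: str, findings: List[Finding]) -> str:
    """Return the page with every flagged span removed; overlapping spans are merged."""
    out, pos = [], 0
    for f in sorted(findings, key=lambda f: f.start):
        if f.start < pos:          # overlaps a span already removed
            pos = max(pos, f.end)
            continue
        out.append(text[pos:f.start])
        pos = f.end
    out.append(text[pos:])
    return "".join(out)


def scan_tree(root: str, exts=(".html", ".htm", ".php")) -> Dict[str, List[Finding]]:
    """Walk a web root and map each flagged file path to its findings."""
    results: Dict[str, List[Finding]] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_html(fh.read())
                if found:
                    results[path] = found
    return results


# Constructed sample pages (not taken from the OVN site).
CLEAN_PAGE = (
    '<html><head><title>Sample front page</title>\n'
    '<script src="/js/site.js"></script></head>\n'
    '<body><p>Top stories</p>'
    '<iframe src="/weather" width="300" height="200"></iframe></body></html>'
)
INJECTED_PAGE = CLEAN_PAGE.replace(
    "</body>",
    # constructed injection: hidden iframe to a reserved placeholder host plus an eval(unescape()) loader
    '<iframe src="http://landing.example.invalid/x.php" width="0" height="0" '
    'style="visibility:hidden"></iframe>'
    '<script>eval(unescape("%3Cs%63ript%3E"));</script></body>')


def demo() -> List[str]:
    """Write both sample pages into a temporary web root and return the flagged file names."""
    with tempfile.TemporaryDirectory() as root:
        for name, page in (("about.html", CLEAN_PAGE), ("index.html", INJECTED_PAGE)):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(page)
        hits = scan_tree(root)
        for path, found in hits.items():
            for f in found:
                print(f"{path}: {f.kind} at {f.start}: {f.snippet!r}")
        return sorted(os.path.basename(p) for p in hits)


if __name__ == "__main__":
    demo()
```

Putting the server in read-only mode, as Mitec did, is what keeps a scan like this meaningful: the flagged spans can be removed file by file without the injector re-writing them mid-cleanup, and the cleaned copy can then be compared against a backup before the site goes writable again.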
Torres said FOX News was infected with malware in 2009 that lasted for three days before it was fixed. And Google’s famous “Doodle” was infected with rogue anti-virus in 2009.
“Although we are still determining how the attack occurred, and from where, it likely targeted a weakness in an outdated content management system platform such as WordPress or Joomla. The attack was not aimed specifically at the Ojai Valley News, and appears to be a random act perpetrated by an automated 'bot,' which browses the Internet looking for vulnerabilities,” Torres said. “The malware aims to trick people into thinking their hardware is failing with a series of fake alerts. The software encourages users to purchase software to fix the issue. However, it is a scam and the perpetrators are simply collecting credit card numbers from the vulnerable victims.”
Mitec's Anthony Andre suggested that more than 90 percent of all hosts, particularly the larger corporations, will not assist their clients in resurrecting their websites after a virus spread through the hosting environment, even though the problem was on a server level and not the hosting account. “Because we value all of our clients, no matter how big or how small, we’re currently working with everyone who was affected by the Trojan to not only resolve the issue with the Trojan itself, but to also assist them with restoring their websites and put additional security measures in place to prevent future occurrences,” Andre said. “Viruses, Trojans, malware and scareware are the ugly side of the Internet age. Run your updates religiously and make sure your antivirus software is always up to date.” Anyone with questions may call Mitec Solutions at (805) 643-4375 for a free security assessment.