Author Archives: epbeam

  • 27
    Feb 22

Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 292 malicious pages. Your blogged served up malware to 163 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
  • Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
    and Wordfence Security, all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerly,

The Internet Janitor

Below are some links to research/further explaination on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

  • 05
    Nov 21

Beam Helps Babylon IPO CEO at NYSE

Last Friday Babylon Health went public on the New York Stock exchange. The CEO of Babylon, Ali Parsa was in Dubai and had to be there. No problem! With a click of a mouse Ali was celebrating, answering questions and conducting interviews all from Dubai via Beam. Wow.

Be there, Be anywhere

https://twitter.com/i/broadcasts/1gqxvlemdzjGB

    • 06
      Mar 21

    A Demo of the Best Mobile Telepresence Device on Planet Earth

    With travel and meeting restrictions imposed around the globe, there’s no better way to visit loved ones real-time with a click of a button. Beams are being used by doctors and loved ones to be there when it counts the most.

    Be There!
    • 16
      Feb 21

    Distant Learning Gets a Boost

    Safety is no accident. Be there, be anywhere, anytime without concerns for your safety.

    • 16
      Feb 21

    Schools Leverage Mobile Telepresence

    Distant Learning is not so distant when using a Beam, mobile telepresence technology. Students and teachers are utilizing our technology to bridge the gap between remote learning stuck on a wall. Many students can come onto one mobile device and move about the space assisting teachers in a new way.

    It’s easy for guests, speakers or any remote person with an internet connection and a web camera to access a Beam. John Quinones demonstrates how easy it is to visit and operate a Beam.

    Access can be scheduled and time limited to provide different remote guests an allocation of time to visit via a Beam. The Beam allows for hundreds of remote guests to visit on one Beam. What a way to visit or take a tour of a facility without leaving home.

    • 09
      Dec 20

    Taking a Tour of a State Capital

    Carson City is the capital of Nevada. During a recent rally of residents the Beam was used to allow out of town dignitaries to visit on one device. It’s a safe way to be in the action from anywhere in the world.

    Outside the State Capital Carson City Nevada
    • 09
      Dec 20

    Distant Learning For the Future

    In todays new world it’s most important to provide teaching tools in order to assist students to learn from remote locations. Mobile telepresence has had a work horse called the Beam within companies worldwide. The adoption curve of telepresence has exploded.

    Break free from conference room walls, geographic borders, time constraints and travel restrictions using Beam Presence® to go from here to virtually anywhere. This freedom to move within an environment in a natural, more human way opens up new avenues of professional and personal communications.

    A Remote Tour to Your Manufacturing Plant
    • 13
      Sep 19

    MGM Resorts International and Event Presence to Change the Event Vertical

    Las Vegas – September 2019

    The ultimate collaboration tool for the event vertical is now being integrated into MGM Resort properties.

    MGM Meeting_1000 The Smart Presence solution that includes the Beams can be branded by the venue and events creating a unique and powerful sponsorship opportunity.

    Jill MGM _1000

    John Quinones Beamed into Vegas to be part of the MGM announcement.  What Would You Do!

    JQ_MGM_1000

    • 30
      Aug 19

    Beams at Pebble Beach Classic Car Forum

    Beams were utlized at the Inn at Spanish Bay during the Credit Suisse sponsored talk with automobile design icons!

    The Beams allowed guests at booths such as Tesla the ability to interact with their automobile Chief Designer as he was speaking at the forum at Spanish Bay.

    Franz Von Holzhausen Cheif Designer for Tesla responsible for driving the overall design direction of Tesla Motors talking with a person on a Beam from the Tesla booth.

    franz von holzhausen

    Ralph Gilles the Head of Design for Fiat Chrysler talks with auto enthusiasts via a Beam.

    from the marketing booth zwatch

    • 30
      Aug 19

    Beams at the 2019 International Woodworking Fair at the Georgia World Congress Center

     

    Older Posts

    Recent Posts

    Categories

    Yep! Even you can become a Beam Pilot.

    Get Beam Ready

    Copyright 2019 Event Presence, Inc.