Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 288 malicious pages. Your blog served up malware to 0 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute-force weak passwords.
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, your .htaccess file, or your /etc/hosts file, as these are the attackers' command-and-control servers, which send malicious commands for your blog to execute.
  • Check cron jobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it.
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress to try to scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but not 100% guaranteed.
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement).
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system and then sell that access off to other attackers, who then usually deploy additional malware, including ransomware and banking trojans. Cleaning up your blog will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

The Circle Of Art

If you went to the Circle Of Art festival last weekend you probably saw The Borrego Sketchbook making its public debut along with the Borrego Art Guild booth. Comments were positive, sales were very encouraging and nobody threw tomatoes; all in all, two great days in the sun, surrounded by art and commerce.

Many thanks to everyone who stopped by and talked, and much more thanks to my Art Guild colleagues who set up the deal, especially Beth Hart, who organized us, and Jacque Goodrich, who coordinates the Circle of Art and first suggested that I look into participating.

And now some of you must be saying, “Hey, wait! I didn’t go to the Circle of Art! How am I going to purchase that fantastic Borrego Sketchbook merchandise? Is there no justice in the world???”

To that, I respond thusly:  Stay tuned, true believers.  Stay tuned.

Big, Bold, Beautiful BAI

Jan 19, 2013 introduced a whole new chapter in Borrego Art. The Borrego Art Institute reopened in their new location on Christmas Circle. You can see part of the story of the building’s purchase and renovation here. The theme for the show was Big, Bold, Beautiful: three adjectives that apply not just to the art but to the building and especially the opening night turnout.

A LOT of people came. This isn’t even when it was most crowded.

Leslie Duncan presents a new painting.

An eagle, carved by Paul Jorgensen, perched between two paintings.

And in keeping with the bird theme, here’s mine. Kind of hard to see the scale in this picture but believe me that it is big and bold and, perhaps after a few fine glasses of wine, beautiful.

If you weren’t there to see it, I must state definitively that this was a very exciting night.  The BAI Board along with a host of donors, artisans and builders have worked tirelessly to bring about an incredible transformation in the heart of Borrego and it was a thrill to see the community come out and join in celebration.  Congratulations to the BAI and here’s to many more openings!

Water Aerobics and Stargazing

Strengthening muscles, improving flexibility, cardiovascular work-out in a fun and supportive environment.  In addition to those rewards that are openly discussed, The Borrego Sketchbook is aware that every participant is secretly the star of their very own Esther Williams Spectacular.

It’s an old show, but it’s never the same. When you’ve grown tired of your nightly indoor HD programming, head outdoors and tune in to the oldest and greatest show there is. Nowhere is the picture clearer than here.

Borrego Landscape Painters article

Last Fall I was among the artists profiled in The Sand Paper, the newspaper for the Anza Borrego Desert Natural History Association. (I’m going to call it ABDNHA, like everyone does, and save myself some typing next time.) The article is now online here, on the author’s website CaliforniaDesertArt.com, which is an excellent resource for, well, California desert art.

I must say it was a great honor to be profiled alongside the other fine desert artists, especially two fellow Borregans: Barbara Nickerson and Carol Lindemulder.

One correction to the piece: I have a BFA in Animation/Illustration, not an MFA.

And the part where the reader is teased about an “unexpected direction” and a “study of Borrego life and residents,” well, that would be referring to this very website.