About Last Week’s Malware Attack

As you may have noticed, on Thursday November 17th we received a warning from Google that an automated scan had discovered that some of our site's pages could "cause users to be infected with malware." Immediately after we were notified of this issue, our hosting provider and website developers worked together to identify and remove the threat, which was initially completed by mid-morning Thursday.

Unfortunately, later that afternoon our site was hacked again, which caused us to take the site off-line for several hours. After removing the new malware script, we proceeded to implement even more rigorous security precautions, above and beyond industry standard practices for a site like this. This was all completed by mid-day Friday, and our site was certified as malware-free by Google that afternoon.

In terms of the immediate effects, from Wednesday to Friday we saw an 88% drop in traffic and a dramatic increase in our bounce rate. Although we were sorry to have to incur the loss in traffic and the out-of-pocket expenses of recovering from this attack, we do think this is a good example of how the free market worked to thwart malware without government intervention.

Another theory pushed by certain proponents of SOPA is that the malware warnings on our site are somehow analogous to, and a justification for, the DNS blocking provisions in SOPA. (Note: the specific malware warnings in question were not implemented through the DNS system; they use browser-based technology, similar to anti-virus software, to protect users.)

Perhaps if these proponents had pushed for someone with technical expertise to testify about the DNS blocking provisions on SOPA at the hearing last week, they would have learned why DNS blocking is a terrible and ineffective approach to shutting down a website.

In fact, PK's particular situation actually illustrates why DNS blocking is a bad idea:

  • In this situation, the malware blocking was a warning from Google, which occurred well after the request had left the DNS and reached our site.
  • If you used Internet Explorer or a mobile device, you most likely didn't see the warning.
  • If you followed PK on Twitter or Facebook, you could have accessed our site without seeing the warning by typing in our IP address: 71.6.218.209

So in brief, if individuals were to begin accessing sites directly via their IP addresses, malware attacks such as these would be harder to detect and combat.

Could Your System Have Been Affected?

Short Answer: Very unlikely. Although the warning from Google was up for almost two days, the actual malware which caused it was only present for a few hours.

Long Answer: If you followed the warning and navigated away from the site, you would not have been affected. However, even if you continued to browse the site (or never saw the warning because you were using Internet Explorer or Safari), if your operating system was up to date and you were running appropriate anti-virus software, it is extremely unlikely that your system was affected.

What's Next?

We have changed hosting providers and moved to our own dedicated, secure server, and we are still actively investigating how this attack was carried out, in cooperation with the federal, state, and local law enforcement agencies to which we reported the intrusion.

If you think your system might have been affected, please let me know.
