The National – Fixing Their Site? – Time Will Tell

Posted in Dangerous, Mixed Nuts on August 25th, 2009 by MadDog
No Gravatar

As I reported some time ago, The National,  one of our major daily newspapers has been infected by a virus since at least the 29th of July. The virus is called HTML/Framer, but that’s probably of little interest to you.

I visited the site (I’m well protected) a couple of days ago (don’t remember the day) and my AVG threw up the same old warnings. Today the story is different. I was just preparing to remove it from my list of “Try These Links” when I decided to give it one more shot. This is what popped up in Firefox:

The National is off-line. Are they getting rid of the virus?

The site is completely off line. I hope this means that they are fixing the problem. I called the system administrator as soon as I discovered the virus. He never returned my call. I’m going to give the person the benefit of the doubt and assume that he was too flabbergasted at the moment to talk to me, but I am suspicious, nevertheless. I’ve been rebuffed many times when I had a solution in hand and tried to help out a webmaster or a system administrator. Many simply can’t believe that someone calling on the phone to report a virus could possibly know as much about it as they do.

Anyway, I find it abominable that they didn’t take the site down the minute that they discovered the virus. Practically everybody knows that maybe over 90% (note the wacky estimation technique) of the computers that can get on the internet in PNG are probably unprotected and already spewing out viruses by the bus load to any other unprotected computer. Every single flash drive that comes into our building from outside is infected. That’s why I forbid them to be inserted into an office computer until I have de-loused them.

I find it irresponsible of the management of The National  to allow their web site to remain on line for such a long time knowing that it was spreading a virus to every unprotected computer that visited it.

Any rebuttals? Corrections? Comments?

Tags: , ,

The National Newspaper Has a Problem with a Virus

Posted in Dangerous on July 29th, 2009 by MadDog
No Gravatar

I’ve got all kinds of problems of my own in my IT shop today, but I’m taking the time to notify my readers that one of our newspapers that runs an online version has a virus on the web site.

The National,  one of our two major newspapers has an infection of the HTML/Framer virus which is reported by AVG as such.

Here is the warning page that Firefox throws up:

The Firefox warning page for the HTML/Framer virus

And here is the AVG Threat warning window:

The AVG threat warning for the HTML/Framer virus

Okay, why am I doing this?

Yesterday, Eunie said that the newspaper site was infected. This morning I checked it out. I looked up the HTML/Framer virus and came away scratching my head. It is a strange one, for certain. I’m still not sure exactly what it can do to your computer. So, since I know that there are a lot of my readers who may have dubious virus protection, I’m putting up this notice to let you know that, unless you have bullet-proof anti virus protection, it would be unwise to visit The National’s  online version until you can be certain that the infection has been treated.

If you KNOW that your anti virus is working and up-to-date, then you can try the site. You will get some kind of warning if it is still infected. If you are not CERTAIN that your anti virus is A-OKAY, then I’d advise not visiting the site until the problem is fixed. You might not get any warning at all if the site is still infected. Also, I can’t tell you what it might do to your computer. The references that I looked at this morning were not very helpful in that area and I don’t have a lot of time to devote to the issue.

As soon as I was certain of my information, I called The National  and tried to speak to the webmaster. He wasn’t in yet. I left a message for him to call me, but it is nearly 11:00 and I haven’t heard from him. Therefore, I’m putting up the notice. I’ll make an update to this post as soon as I’m sure that the infection has been cleared up.

NOTE PLEASE: For users who are not sure what’s going on here, nothing that you see in this post means that your computer is infected by this virus or that my site is infected. The images that you see are just screen captures from my attempt to visit The National’s  web site. You have nothing to fear from having read this post.

UPDATE: Here is a portion of an email that I received from Kyle Harris this morning. Obviously, this exploit is a nasty piece of work:

Just saw your web post on the National Newspaper site.  Sounds a lot like the bug that hammered my site last week.  Look up TSPY_KATES.G via Google. Basically it puts a java script in the index.php file in your startup menu that attempts to load the virus onto any machine that visits that site. Then it adds the iframe code to each and every file on the site with the name “index” or “home”, rendering those files useless.

I had AVG on my machine but when I tried to visit my site, it downloaded the virus onto my machine anyway.  Don’t know what was happening with AVG.  Took almost a day to clean out my computer.

The web site is still off line until I can figure out how to repair all those compromised files.  It hammered both my blogs and my main site (cms). Make sure that your WordPress site is upgraded and that you have everything backed up.

I have no idea how it got onto my site.  I have a highly secure password for that the site and had not been on for a couple weeks.  I am wondering if
since I am a shared hosting user if it got in via someone else’s site.

Thanks, Kyle, for the information. I’m keeping my fingers crossed. I’m hoping that, since AVG spotted the exploit on my machine from The National  web site, that I’ll have a bit of protection. I’m also going to contact to see if they are doing anything to keep an eye out for their clients.

Tags: , ,