Regarding Our Recent Site Attacks

Status
Not open for further replies.

Mr. Tasty Vapor

Unregistered Supplier
ECF Veteran
Update from GoDaddy: Less than 200 accounts hacked this morning as they were able to contain it before it spread. In their own words:
Compromised Website Update 5/20/10 - An attack impacting less than 200 accounts happened this morning.

Go Daddy is working with other top hosting providers and security experts to gather information to stop the criminals initiating these exploits.

We have contacted the malware site registrar to remove the offending domain from the Internet, in order to block the attack.

As part of our investigation, Go Daddy has launched a fact-finding tool to collect information about your experience. If you suspect your site was impacted, please fill out our security submission form, located here - http://www.godaddy.com/securityissue.

Thank you, Todd Redfoot, Chief Information Security Officer
 

Mr. Tasty Vapor

Unregistered Supplier
ECF Veteran
Yes, it sucks, but as you can see, it was not some single jerk trying to bring down Tasty Vapor, but possibly a couple jerks trying to take down the GoDaddy servers.

While this is an odd form of relief for me, it doesn't address the problem.

THAT, we are trying to deal with now...
 

Ralph T

Ultra Member
ECF Veteran
Dec 3, 2009
1,942
3,125
62
Albuquerque, NM
Yes, it sucks, but as you can see, it was not some single jerk trying to bring down Tasty Vapor, but possibly a couple jerks trying to take down the GoDaddy servers.

While this is an odd form of relief for me, it doesn't address the problem.

THAT, we are trying to deal with now...

Unfortunately it's all about the money. These are organized criminals. The idea is simple. Infect as many machines as possible with FAKE antivirus software and lure them into paying with a credit card to fix the problem. If you do this to a 1000 folks, 20 to 30 of them will be dumb enough to pay 49 to 89 bucks to solve the problem (at least they think they are solving the problem). So let's say ~25 people pay ~50 bucks, that's about $1250 per 1000 infections. Except we are talking closer to millions of people infected in the first part of this year alone.

This one was easy, because the user had to do something stupid: download and run it to fully infect the machine. Rather primitive and ineffective. The more recent scams involve writing malware that is embedded in an advertisement and then buying advertisement space for it. Then the ads show up on legitimate sites, such as CNN or Google. The user doesn't even have to click. If the ad renders in the browser AND it takes advantage of some unpatched vulnerability on the user's computer, AND is unknown to the user's antivirus/antispyware software then the computer is now infected. They may not even know they are infected until sometime later.

Furthermore, script kiddies can buy toolkits now to create this malware.

It's an ugly world, and getting worse all the time. See Inside a global cybercrime ring

The best things you can do to protect yourself are:
1. Make sure your system has all of the latest security patches. Including MS, Adobe and Java. Adobe is the favorite hole at the moment.
2. Reliable, up to date antivirus. I won't recommend any. Not shilling for any company here.
3. Be aware of social engineering. That's what today's trick was all about. This one preyed on your fear that you might be infected. Others prey on your curiosity. NOTE: Adobe will not email you telling you to update your software... that is another trick going on right now!
4. Be particularly wary of the social networking sites like Facebook. A lot of scams running on those right now.
 

5cardstud

ECF Guru
ECF Veteran
Verified Member
Jan 1, 2010
22,746
50,647
Wash
The way I found my antivirus program was through investigating them. I wouldn't take one person's recommendation but instead got many. Plus I keep a backup antivirus too. One thing I found out is if you get one of them alerts that say you're infected and you need their scan or product to fix it, don't touch it anywhere. If you click the red x to close it then you just got it. Instead right click on the bottom bar on your computer, open task manager and highlight it, then click end process. Or power off. But don't click anything on that warning.
 

Ralph T

Ultra Member
ECF Veteran
Dec 3, 2009
1,942
3,125
62
Albuquerque, NM
The way I found my antivirus program was through investigating them. I wouldn't take one person's recommendation but instead got many. Plus I keep a backup antivirus too. One thing I found out is if you get one of them alerts that say you're infected and you need their scan or product to fix it, don't touch it anywhere. If you click the red x to close it then you just got it. Instead right click on the bottom bar on your computer, open task manager and highlight it, then click end process. Or power off. But don't click anything on that warning.

There is some truth to that. Multiple Alt-F4's usually close all the windows.

I have had several customers pick up these scareware fake programs from legit sites lately. No clicking required. They found out the next morning. Reviewing the proxy logs revealed bad ads. Hard to protect yourself against something brand new that your antivirus doesn't know about.

I have been evaluating a program called Sandboxie for almost a month. It runs your browser in a fully sandboxed (self-contained) environment which deletes all changes after closing the browser. Seems like a good fix so far. Problem is that it's something else to buy, and learn... yada yada.
 

CaptJay

Vaping Master
ECF Veteran
Jan 3, 2010
4,192
115
A Brit, abroad, (USA)
Malwarebytes Anti-Malware is free and one of the progs used by IT people too (I use it myself along with Spybot Search & Destroy, ZoneAlarm and Avast!). Get it, use it daily. I wouldn't trust Norton with a trojan - it's good for viruses, not good with trojan finding.
I had this pop up fake antivirus thing ages ago and MAM got rid of it - it's annoyingly persistent and can infect your home PC's registry keys too.
Don't take my word for it - look it up on anti virus forums and reviews pages of antivirus progs. I wouldn't be without it personally.
 

bettyboop

Super Member
ECF Veteran
Dec 1, 2008
349
7
Somerset,Pa
Do you know the accounts that were hacked into?

I am not on the forum very much, sorry if this question was already addressed.

Since this was a GoDaddy server attack, is it possible that any customer info was compromised? Or were they just trying to only crash the server as you previously stated?
 

Mr. Tasty Vapor

Unregistered Supplier
ECF Veteran
The ultimate goal of what they were trying to do, seemingly, was just to cause a major annoyance. No customer data was tampered with. The "bug" was trying to install code that loaded malware, not someone FTP'ing the site, trying to acquire customer data. So, all of your information is completely safe.

I only know that Tasty Vapor was compromised. As for the other sites that were compromised, I would call it a gross lack of professionalism if GoDaddy DID post a list of all of the sites that were compromised. That would be similar to criminalizing their clients for being victimized.

It is more in their professional interest to help clean up the fiasco for their clients. This seems to be their present course of action. Which I am grateful for. However, since this is the second time our site has been subject to a grudge someone has against GoDaddy, I can't justify staying with GoDaddy.

Tasty Vapor will be migrating to a more private server, where the people involved can be more "hands on" about chasing suspicious behavior that may be happening with our site.

This transition will be seamless and will not affect anybody in the least.

As for now, the problem has been resolved and we can resume normal business with no worries.
 

portguy

Super Member
ECF Veteran
Feb 3, 2010
749
15
58
Portugal