Gootloader infection cleaned up

Posted on February 27, 2022 by Sander Homan

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 387 malicious pages. Your blogged served up malware to 0 visitors.

I tried my best to clean up the infection, but I would do the following:

Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
Verify all users are valid (in case the attackers left a backup account, to get back in)
Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
Run antivirus scans on your server
Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
and Wordfence Security, all do some level of detection, but not 100% guaranteed
Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
Check subdomains, to see if they were infected as well
Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerly,

The Internet Janitor

Below are some links to research/further explaination on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

Unity 4.6 and Modules

Posted on December 9, 2014 by Sander Homan

Since version 4.5, Unity has a module manager menu option, but it seemed it was not yet implemented. In 4.6 however, that module manager is used for the new GUI system. The source of the new UI is also available now and the install instructions talk about a specific folder in the unity install to copy the files to. I experimented a bit with that folder to see if Unity is also able to load my own files/modules. The answer to that is YES.

Continue reading →

2d car “simulation”

Posted on February 25, 2013 by Sander Homan

I was kinda bored over the weekend, so I made this simple infinite terrain car “simulation” prototype. It uses wheelcolliders for the wheels and generates meshes and colliders at runtime to create an infinite terrain.

Car sim screenshot

demo

A new 2d tilemap shader

Posted on August 7, 2012 by Sander Homan

A while back I created this 2d tilemap shader and now Igor has sent me an improved version that looks great. Here is the email he sent me:

Hey,
I found your tilemap shader post extremely helpful- it got me well on my way developing the terrain of a game I’m working on. Having spent a few days extending and refining the system, I thought I’d send it back to you, in case you wanted to add it to the post for any other folks stumbling upon your blog.

Basically, the new shader supports arbitrarily sized maps, layered tiles, and uses Warcraft 3-formatted tilesets.
It also fixes the tile bleeding issue in the original (it was related to precision loss in the pixel color component).

Again, kudos for the original idea.
Igor

And here is the updated package that was attached to it: multilayer_tiles.unitypackage

Thanks again, Igor for sending me this updated version.

In-game Console

Posted on July 27, 2012 by Sander Homan

The last few days I’ve been working on an in-game console. Because I was testing the multiplayer capabilties of Unity and couldn’t be bothered to make 2 separate projects for the client and server to test it, I needed a simple console that would allow me to easily check the errors, warnings and logs that occurred during runtime. And then it got a bit of feature creep that turned it into a full blown console with support for custom commands and scene queries. It also is able to call any method on components in the scene.

The console in action

Continue reading →

EasyAchievements has been updated

Posted on June 12, 2012 by Sander Homan

I have just submitted a new version of EasyAchievements to the asset store. The new version has a few bugs fixed and also has some extra features.

Fixed:

Fixed corruption of window when code got recompiled

Added:

Achievements can now be organized in categories
Window usability improved by allowing the resize of the left side

For more information, see the EasyAchievements page or the Asset Store Page

EasyDialogue has been updated

Posted on June 10, 2012 by Sander Homan

EasyDialogue has been updated to version 1.1.

It now supports import and export support for xml. This will allow more rapid translations by non unity users.

See the EasyDialogue page for more details or check out the asset store page.

Easy Dialogue now available on the asset store.

Posted on April 3, 2012 by Sander Homan

Easy dialogue, the unity editor extension to easily create dialogues for your game, has been released on the unity asset store.

It can be found here: http://u3d.as/content/sander-homan/easy-dialogue

For more information, see the extension page.

Easy Achievements submitted to the asset store

Posted on March 26, 2012 by Sander Homan

Easy achievements has just been submitted to the Unity Asset Store. It should be available soon.

Easy achievements is an extension to the unity editor that allows for rapid creation and easy use of achievements within your existing application.

For more information see this page.

Cyclindrical world

Posted on March 13, 2012 by Sander Homan

A question came up in the #unity irc channel on freenode.net, about how the world was done in Animal Crossing. I made a small demo that uses a custom shader to get a similar effect.

Here is a simple demo of the effect: WebPlayer (move with the w/s keys)

And here is the unitypackage containing the shader and a sample scene: UnityPackage