A moment of narcissism by a blogger who covers kink, multiple sex partners and other topics has uncovered a sophisticated attack that secretly installed malware on end user machines by compromising thousands of websites maintained by a large webhost and ginning search results on Google. Ipower, a US-based webhost at the center …
Your claims of being an El Reg Hack are currently being put into doubt. In order to re-establish your good name, I hereby require you to respond to the following question:
Why aren't you at the pub?
This is probably a DLL exploit
There are a number of exploits that get loaded into Apache and then affect all sites hosted on the server. Tight sysadmin can make it harder for these varmints to get in. It sounds to me like this might be what happened here.
One for the money, two for the road, three to get ready,...
Sometimes it's not what the Exec in a corp says but what he does (over a period of time) that tells you what their real intentions are. So do we go for three? ;)
@ Anonymous Coward....
Why aren't you?
Apache on its native *nix system does not use DLLs, as they are a Windows implementation. Sure, it uses libraries, but it is a bit harder to convince a *nix system to load unauthorised ones...
Good Use for Old PCs
Only do critical (i.e., related to money) work on a machine that doesn't cruise unfamiliar websites. Use that old dusty obsolete box for searches, then you (mostly) don't care if it is infected. Image the drive and re-install every now and then; no reason to waste money on antivirus for the dustbox.
Or use Knoppix or another read only media OS. There is no real reason to have only 1 physical machine anymore.
You can also use a brouter / Ethereal (or Snort/Ntop) and sniff what back alleys your PC is really visiting when you aren't watching! A TB drive will store a couple of years of trace information for most people if you aren't hooked on youtube or BitTorrent or such.
The only reason most of us haven't had our identities stolen yet, is that there are just soooo many easier targets... totally unprotected machines waiting to be plucked, or machines manned by children, while we all have at least antivirus, firewall, and don't promiscuously share admin/superuser privileges right? Eh... I don't see too many hands raised out there....
Some of us have actually bred (and even live with a significant other) and have neither the time, money nor inclination to play Mr (or Ms) security expert at home.
Also, when it's your day (and fecking takes up too many nights too) you really will not be poring over such items in what little spare time one actually has.
I do agree with the need for something like smoothwall (& a proxy) rather than the pretty useless so-called software firewalls.
Also your "May contain highly technical ...." icon / avatar was just embarrassing (but then there isn't one for "Lives at home with Mum and still plays Magic the Gathering").
Have I been infected?
I was doing some testing on my internal website using ie7 and scoped the traffic to try and find a bug. I was surprised to find that packets containing my typed data were being sent to an external IP address registered to MS, even while the real web dialogue was going on between the internal machines.
The only infection you probably have is from Microsoft. They've had the audacity in the past to look at what you're doing on your computer with Win95, and they're doing it again in Vista (and probably IE 7 as well).
Because I actually have to show up at work for my paycheck. Not that I have to do anything...