back to article Scumbags cram Make-A-Wish website with coin-mining malware

One or more completely feckless scumbags have loaded the Make-A-Wish foundation's international website with crypto-mining malware scripts. Researchers with Trustwave say the (now clean) WorldWish.org site was compromised via a Drupal exploit and seeded with malicious JavaScript that enlisted the CPU cycles of visitor's …

  1. Rob Dyke

    Surely you mean...

    "One or more completely feckless scumbags neglected to update the Make-A-Wish foundation's international website allowing it to be compromised by 6 month old "Drupalgeddon 2" exploit."

    1. holmegm

      Re: Surely you mean...

      Drupalgeddon 1 and 2 *really* sucked.

      In addition to the fact that there will always be some first victims, no matter how itchy your upgrade trigger finger ... Drupal does not have any easy one click updating (not that that is always a safe thing to do anyway, but it *guarantees* that updates are non-trivial).

      Then there was the sequel ... it's hard enough to get your client to do something - and quickly - about a security exploit, when it's a non-trivial upgrade. But to have to come back just a few weeks later ... "um, yeah, you remember that Drupalgeddon thing a couple weeks ago? Ahem, um, well ... "

    2. bombastic bob Silver badge
      Childcatcher

      Re: Surely you mean...

      No, I don't think the Make a Wish server operators are feckless scumbags. Most likely it's just some poor schlub either volunteering or maybe it was made by a consultant years ago and nobody is really maintaining it properly [until NOW, that is]. Or maybe their staff IT guy is underpaid and you get what you pay for.

      I would think that a charity would be more focused on, er, the charity part. SOME charities that have a huge overhead of administration might have NO excuse, but according to one web site, 'Make a Wish' gives out around 75% to 'actual charity' with about 10% in administration and 15% in fund raising (my numbers are rounded, yeah). So I'm guessing that a *bit* more needed to be put into IT but those are the approximated numbers, so there ya go.

      So yeah 'benefit of the doubt' until some audit/investigation proves otherwise.

      icon, because it fits

  2. Cronus

    There's a lot of moralising going on in this article as though the attacker in question specifically singled this site out knowing full-well it was a charity for seriously ill children when in reality it's likely the entire thing was largely automated. The only thing they'd really care about is that it's vulnerable and it has high traffic.

    This is quite literally one of those 'think of the children' type articles you normally make fun of. Quite disappointing really.

    1. gnasher729 Silver badge

      No, it's not. "Think of the children" is the term used when a slight potential danger to children is blown all out of proportion for an emotional appeal. It doesn't apply when someone reports about actual child abuse, and it doesn't apply here where someone actually rips of charities.

      1. FrogsAndChips Bronze badge

        It may not be a "think of the children" article, but it still appears naive from the author to suggest that a scumbag who makes a living planting malware on misconfigured websites would think twice before infecting a charity site. Do we really expect these guys to have any moral sense at all?

  3. Semtex451 Silver badge

    Why did the site admins not think of doing this themselves so the charity gets the mining cycles? I wouldn't mind saying yes to that.

    Anyways, perhaps a whitehat will hack the wallet and donate the contents.

    1. GnuTzu Bronze badge
      Childcatcher

      "so the charity gets the mining cycles"

      As long as it's opt in; otherwise, it wouldn't be a charity. Imagine if a government decided to do such a thing as a kind of tax but kept it secret.

      Anyway, stealing from a charity, particularly one involving children, is just perverse.

      1. bombastic bob Silver badge
        Childcatcher

        Re: "so the charity gets the mining cycles"

        "stealing from a charity, particularly one involving children, is just perverse."

        more accurately, those who give to what appears to be a legit and reputable charity. People who give money to charity are therefore being perceived as "marks" for exploitation and fraud, in this case higher electricity bills in order to fund some miscreant's bitcoin wallet.

        icon - using it anyway, even if it's just for some lame attempt at comedy

  4. Ben Tasker Silver badge

    Is it me

    Or does this article feel a bit more Daily Mail than El Reg?

    > The time of year might also have had something to do with the filth choosing Make-A-Wish as their target

    To be honest I'm not used to hearing "the filth" in a context that doesn't mean the Old Bill. In any case, doesn't feel very El Reg, and reads more like a Daily Mail outrage piece.

    1. Solarflare

      Re: Is it me

      Totally agree..."filth" "scumbag" and "scum" pop up in that article in reference to the attacker. Comes across as terrible journalism if I am honest.

    2. dca1

      Re: Is it me

      I reset my password after maybe 5 years of lurking to back this up.

      I read el reg pretty much daily but I don't come here to read this daily mail style crap.

      I went through the article and took this from it:

      1. sysadmin for make a wish hasn't patched a 5 month old bug.

      2. most likely some script found the ip as vulnerable.

      3. malware distributors do not have a magic blacklist of addresses to skip by which may belong to charities.

      I think I already knew about 2 & 3, which makes this article about a sysadmin having not patched a server. Really interesting reading... Thanks for taking my time.

  5. Rich 11 Silver badge

    Sometimes complex matters do have simple answers

    It's not clear what exactly motivated the utter scum to chose to compromise the website of a charity that performs acts of kindness for seriously ill children

    Greed.

    1. holmegm

      Re: Sometimes complex matters do have simple answers

      And automation.

      Nearly all attacks are automated now.

  6. Voland's right hand Silver badge

    It's not clear what exactly motivated the utter scum to chose to compromise the website of a charity that performs acts of kindness for seriously ill

    That assumes they paid any attention to the content on the site in the first place and the actual script placement was done by a human not an automated attack.

    I do not see any reason for either one of these conjectures to be justified. Most of the work today is done by automated bots and even if there is insertion of javascript by hand it is done by a pay-by-hour "mechanized turk" in some 3rd world country which is neither likely to read the site nor understand its mission.

  7. katrinab Silver badge
    FAIL

    "It's not clear what exactly motivated the utter scum to chose to compromise the website of a charity that performs acts of kindness for seriously ill children"

    I don't think the malware script cares what sort of website it is infecting.

    Also, in my experience, big multinational charities tend not to care about anything other than their director's massive salaries.

  8. Anonymous Coward
    Anonymous Coward

    Have you considered

    ... that there might be some dying child who dreamed of having a large Bitcoin mining operation?

  9. fidodogbreath Silver badge

    Do they accept Monero in Hell?

    Only if it was stolen.

  10. DavCrav Silver badge

    Just the UK arm of the Make-a-Wish foundation turns over £10m/year. This is a multinational charity that, realistically, shouldn't be open to six-month old bugs.

    1. paulf Silver badge
      Childcatcher

      Check the annual reports

      The 2017 accounts confirm DavCrav's figures on turnover. Note it's a scan so not searchable which makes fact finding a touch harder (so perhaps intentional?).

      It's worth noting PDF p27 (p25 of the doc) shows 2 people (of 66 staff in 2017 - PDF p28, doc p26) earning £80k-£90k (presumably CEO and someone else), with three more earning £60k-£70k; plus £15k of pension payments for all 5. Not at the higher end as some of the biggest UK charities tend to pay their CEOs around £140k but not shabby by Charity standards so they can't really claim there wasn't enough in the pot to pay for a decent BOFH to keep the hackerz at bay.

      Total salary expenditure is £1,916,767, so with 66 employees the average salary is ~£30k. Excluding the five execs (2*£85k + 3*£65k) gives an average salary for the workers of ~£25,500

      1. katrinab Silver badge
        Mushroom

        Re: Check the annual reports

        Look at the US accounts

        http://wish.org/about-us/making-a-difference/managing-funds

        On the IRS 990 pdf p.9, The Chief Information Officer earns $246,821; and the VP earns $263,972

        1. bombastic bob Silver badge
          Meh

          Re: Check the annual reports

          "The Chief Information Officer earns $246,821; and the VP earns $263,972"

          well, $250k-ish for a CEO or VP is kinda small, actually, compared to the rest of the industries out there. It has to do with what kinds of decisions that someone in this position can make, and how much they can benefit [or harm] the organization. You get what you pay for.

          Seriously, though, complaining about that just sounds like 'wage envy'.

  11. not a coward scumbags

    cryptocurrency is malware

    Another reason that cryptocurrency is just another way to get everyone to infect everybody's computer with malware to generate fake useless currency with real resources like electricity.

    Cryptocurrency is just a sad pathetic excuse for coders to code malware and attack people's computers for profit.

    The electricity that is wasted on a currency that ironically needs electricity to operate is immense and the little bit of chump change you get out of it isn't going to buy you anything.

    This is why cryptocurrency chumps are rolling out malware attack after malware attack and infecting all of their relatives computers so that they can go to the local Bitcoin cash in or whatever it's called and by drugs or other black-market material.

    If it was up to me I would ban all forms of cryptocurrency and you bet that all viruses malware spyware and other forms of attacks would go down by 50%.

    Cryptocurrency isn't the future. The future is actually where we use real resources like the real electricity that's generated with resources like coal natural gas wind hydroelectric and not waste them in some stupid attempt to prove that a software-based currency looks kind of cool.

    All forms of currency are evil especially cryptocurrency because if you look at all the cryptocurrency millionaires they have their hands dipped into criminality and malware.

    Using a block and chain software for anything is pathetic considering that it costs real electricity which is generated with real resources that are really being wasted by all these internet nerds trying to steal from every vulnerable computer they can get their hands on.

    It's also sad because of these greedy idiots the prices of graphics cards CPUs and other computer materials go up because they're no longer used for playing games watching Netflix businesses or casual browsing they are used to fund cryptocurrency for the black market.

  12. Anonymous Coward
    Anonymous Coward

    Make a wish

    1. Catch the ne'er-do-wells

    2. Place them before the court

    3. Let the Jury decide on punishment via 'make a wish'

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019