All posts by akatimo

Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 299 malicious pages. Your blog served up malware to 0 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security, all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message
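A filesystem pass for two items on the checklist above (the two command-and-control addresses and file permissions), added here as an example and not part of the original message. The names `audit_tree` and `demo` are hypothetical, the sample files are constructed, and it only finds addresses written out literally, so an encoded address will not match.

```python
import os
import re
import stat
import tempfile

# The two command-and-control addresses named in the message above.
C2_IPS = ("5.8.18.7", "89.238.176.151")
# Whole-address match only: 5.8.18.7 must not hit 15.8.18.70 or 5.8.18.77.
C2_RE = re.compile(r"(?<!\d)(?<!\d\.)(?:%s)(?!\d|\.\d)" % "|".join(map(re.escape, C2_IPS)))

def audit_tree(root):
    """Return sorted (relative path, finding) pairs for regular files under root."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                mode = os.lstat(path).st_mode
                if not stat.S_ISREG(mode):
                    continue  # skip symlinks, sockets, devices
                if mode & stat.S_IWOTH:
                    findings.append((rel, "world-writable"))
                with open(path, "r", errors="ignore") as fh:
                    text = fh.read()
            except OSError as exc:
                findings.append((rel, "unreadable: %s" % exc.strerror))
                continue
            for ip in sorted(set(C2_RE.findall(text))):
                # A deny rule you added to .htaccess matches too; label it apart.
                kind = "listed in .htaccess" if name == ".htaccess" else "references"
                findings.append((rel, "%s %s" % (kind, ip)))
    return sorted(findings)

def demo():
    """Build a small constructed tree (not real site data) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed file contents and modes
            "wp-content/plugins/x/loader.php": ("<?php $h = '89.238.176.151'; ?>", 0o644),
            "wp-config.php": ("<?php // unrelated host 15.8.18.70 ?>", 0o666),
            ".htaccess": ("Require not ip 5.8.18.7\n", 0o644),
        }
        for rel, (body, mode) in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit_tree(root)
```

Point `audit_tree` at the web root and review every finding by hand; a clean result does not show the site is clean.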

Who Did It? The Clue VCR Game is HERE!!!

It’s June 9th – you know what that means? Everyone can now see Who Did It? The Clue VCR Game!!!

It’s here!!! Frank and I had such a blast making this documentary for you. We’re in the business of making people happy, being young again, holding onto nostalgia – And we feel we did just that. We don’t want money – We just want you to smile, relive your childhood, or learn something new in a lost memory of video game history.

Thank you again to all the Clue VCR cast and crew for helping us out, and thank you Steve Perry and the RI Comic Con for that extra boost to make this film happen. Thank you Nathanael Tronerud for your gorgeous music, and thank you to all the patient Clue fans waiting three years since its announcement!

Ladies and gentlemen…

We also just made a Facebook page for upcoming screenings and Cable Access showings. Be sure to “Like” us, and to also keep a look out for some rare videos and photos, marketing pieces, and upcoming film reviews!

I’m glad that you’re Stuck with Me.

Marc with a C’s album This World is Scary as F–k is reaching its 10th Anniversary! Marc is repressing the album on vinyl and asked me to make another animation, this time for the song ‘Stuck with Me’. When we discussed the presentation of the album, the cover will remain the same with a black and white photo of his daughter blowing bubbles, but only the wand is yellow. Then the vinyl itself will be yellow.

I wanted to keep that black/white/yellow feel- So I thought Hey! Why don’t I get my super creative friends together, use the budget on food and drinks, and make a giant collage?

My Awesome Friends
Aren’t my friends amazing??? I then photocopied the collage onto yellow paper, broke out my Surface Pro, drew some more squigglevision, and ta da!

Magicland, where all your dreams come to die.

My good friend Jenn Dlugos has been working on a web series about the troubling theme park Magicland. She brought me on to film and edit the series! I bring you some found footage of the park… a prequel if you will. Look for more episodes coming out, and make sure to check in with the park’s website for upcoming events and attractions!

Nominated for a second EMMY!!!

Carla and I were just nominated for an EMMY for One Day… The Story of a Storm for Best Historical/Cultural Program! Here is the full nomination list.

This is my second nomination, and I couldn’t be more excited. It’s cliché, but it really is an honor to be considered with all the rest of the best in New England. We’ll let you know what happens at the ceremony May 30th!

UPDATE: We didn’t take home a statue, but we had a blast. Again, an honor. Until next time 🙂

Blood! Sugar! Sid! Ace! BUY!

Back in 2012 my friend Mike Messier and I produced an experimental feature called Blood! Sugar! Sid! Ace!

Things got crazy. I was hired, which felt like a 24/7 job, at WaterFire Providence- Mike went onto other projects as well- we fell trapped into “We’ll get to it.” And we finally have. We’re proud to announce that Blood! Sugar! Sid! Ace! is now up for sale and rent at VHX.tv!

Check it out – keep an open mind – pop some corn – and enjoy!

Who Did the Soundtrack? Nate Did.

Long story short- if you’ve been following my news feed, you’ve noticed my friend Frank Durant and I made a documentary called Who Did It? The Clue VCR Game. We showed it at RI Comic Con, we showed it at the SENE Film Festival and won an award… but there’s still this footage from the WBZ Evening Magazine Spot about the production of Clue VCR II: Murder in Disguise in Newport, RI.

The guy I was in contact with on The Art of Murder forums disappeared on me, WBZ-TV gave the archives to WGBH… WGBH got rid of them… I was defeated and made a release date of the film.  Lo and behold, Michael Dell’Orto (Monsieur Brunette himself) came to the rescue! He had a copy of it!!! He got it to me ASAP–

Who Did It OST Cover
So- in the meantime, as I rework the second part of the film to put in this amazing footage behind the scenes of Clue VCR II, our composer Nathanael Tronerud has released Who Did It’s Soundtrack. Please check it out and buy a copy. He worked his butt off on it, and I honestly feel it’s why the film flows now.

See you in June!

The Sometimes come…

So a few years ago I was in a funk. During this, I left Facebook… and joined Twitter- haha. I was reading an article and found this artist Marc with a C. I looked up his music, and ordered his newest album within minutes. Over time we slowly became friends through e-mail. After seeing my animation for Danny Weinkauf of They Might Be Giants fame, he brought me on to make an animation trilogy for his upcoming side project Claire and the Potatoes. In the meantime- he recorded his new, amazing album “Exactly Where I Am”. He asked me to make a video for The Sometimes. He sent over the track, I thought long and hard for a few months… But actually doing a Marc with a C track has only sunk in now. Here it is!!!