Website viruses and the dangers of User content

Computer viruses are commonplace these days. I remember the early days (fondly) where a computer virus had the decency to be predictable and easy to defeat. And, because of the limitations of the Internet, limited mainly to transmission through word documents or from executing modified program files. These days, the term 'virus' covers a lot of software entities, trojans, malware, adware etc etc. Methods of transmission can be through any number of methods. Today I was asked to recover a website (not one of mine) from a viral 'attack' that had rendered it 'barred' according to the google anti malware project.

The virus in question turned out to have been deliberately placed, and the effectiveness of it was quite startling. Through the infection of the original web designer's computer, the 'hackers' had gained access to FTP passwords, and had placed code in amongst various the wordpress files that drove the site. Website visitors would not even know it, but if their security was not set up correctly, then the virus would execute scripts hosted remotely on their computer, potentially giving the originators access to personal information from website visitors. The startling thing was that the origin of the virus might have been as benign as a User submission; the scripts uploaded through the standard forms could potentially place code in amongst the content management system's pages.

The lesson?

For me, it shows the value in going bespoke. When you have a large and complex content management system like Wordpress, you need considerable expertise to keep a lid on all the emerging vulnerabilities. This is a factor that is often overlooked when choosing a back end to a web site build.

For those interested the virus was gumblar.cn

Here are some facts on this virus: http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/ - This page enabled me to eliminate the virus from the website in question. Thank you authors!