How I Got Hacked... And Why You MUST Have a Backup!
Are You Vulnerable to Drive-By Malware?
Here's the executive summary: If your friend says "I think my website has a virus, and is redirecting to a Russian p**n site" -- don't assume your anti-virus software and fully updated operating system will protect you when you go to have a look-see. I did, and it took me about 8 hours to clean up the damage. But there are some valuable lessons to be learned here, so I hope you'll read on.
I always knew there was a slight chance that I could get a virus, because of the "arms race" that exists between the Evil Hackers and the Good Guys who provide anti-virus software. A virus appears, the anti-virus folks add code to protect against it, and then the virus morphs -- sometimes automatically. It's a bit like weeds that become resistant to pesticides.
But I was convinced that all those "drive-by virus infection" scenarios only affected people who would click or download almost anything, those who failed to apply their Windows Update security patches, or those who ran expired anti-malware protection. It turns out I was wrong. There was a pretty nasty "drive-by" virus in one of the many popups that appeared after visiting the hacked website. My anti-virus program caught and quarantined one attack, but didn't fully protect me.
In the case of the hacked website I visited, there were some dormant WordPress installations on the same server that had unpatched vulnerabilities. Once the hackers got in there, they had access to everything on the server, and left their evil payload on the home page of my friend's website. I noticed the following after closing all the popups and restarting my browser:
- Google searches worked fine, but when I clicked on any of the hits presented by Google, it would redirect me to a Russian hacker site.
- It allowed me to download MBAM, but after it ran for a few minutes, the task was killed.
- It allowed me to run Windows Defender, but it also was killed off quickly, and would not restart.
Let's Get This Mess Cleaned Up...
I decided to run a "full scan" with AVG, and that ran for about 45 minutes. But it ended with a Blue Screen of Death and an abrupt shutdown. Afterwards, I could not reboot my machine. I figured that either the Master Boot Record or my hard drive partition was hosed. Time to get out the power tools...
The XP install disc would not complete booting, so I couldn't load the recovery tools and run FIXBOOT or FIXMBR. My Bart PE recovery disk told me I didn't have a C: drive. My Acronis rescue disk couldn't find the C: drive, either, and gave me the impression that my backup image was corrupted. I considered taking out the hard drive and popping it into my external USB drive kit, so I could inspect the drive while connected to another computer. But my computer has two drives in a RAID configuration, so I didn't think that would work.
This was looking like a total loss. My last hope was the Gateway Recovery Disk that came with the machine, which formatted my hard drive and reloaded the factory image. It was like being in 2006 again. (Yes, I've had my primary "work" computer that long.) This at least allowed me to download and run my Acronis backup software (once I dug two license keys out of my old Gmail messages) and retry my attempt at loading the backup image, which was only a day old.
Fortunately, that worked, so it's back to the future, and all is well. But the ordeal cost me eight hours of white-knuckled anxiety. Here's what I learned and/or remembered as a result of this nightmarish ordeal, and how you can benefit:
- It really could happen to you. Even if you don't frequent the dark corners of the Internet, even if you're very careful where you click and what you download, you could get zapped by a virus that slips by your anti-malware defenses. And it could get ugly.
- No protection is 100 percent. If it happens to you, do you have a full-image backup? Preferably with incremental daily backups? It could save your bacon.
- Wear gloves. If you're going to visit a website that you suspect has been compromised, don't touch the wires without proper insulation. If I had fired up a virtual machine or a sandbox environment, the damage would have been contained and easily cleaned up with a few clicks.
Are you prepared for a total loss of your hard drive due to a virus, hardware failure or some other disaster? I encourage you to read my ebook Everything You Need to Know About BACKUPS, where you'll learn about backup strategies and how to get started on the road to protecting YOUR data.
This article was posted by Bob Rankin on 17 Aug 2011
Copyright © 2005 - Bob Rankin - All Rights Reserved