Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 386 malicious pages. Your blog served up malware to 57 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message
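Added example, not part of the notice above and not written by its author: shell checks covering several checklist items (references to the two listed addresses, file permissions, cron entries, and WordPress integrity, admin users and WP cron). The function names and the sample site are constructed, and the `wp` commands assume WP-CLI is installed.

```shell
#!/bin/sh
# Added example: the two addresses come from the notice above; function
# names, paths and the sample site are constructed for illustration.

# Files under $1 naming either address as a literal string. Injected code
# may encode the address, so an empty result does not clear the site.
find_c2_refs() {
    grep -rlwF -e '5.8.18.7' -e '89.238.176.151' "$1" 2>/dev/null | sort
}

# Regular files under $1 that any local user can modify.
find_world_writable() {
    find "$1" -type f -perm -0002 2>/dev/null | sort
}

# Active (non-comment) lines of crontab file $1 that call curl/wget or name
# one of the addresses. A heuristic only: read the full crontab as well.
suspicious_cron() {
    grep -vE '^[[:space:]]*(#|$)' "$1" |
        grep -E '(curl|wget)[[:space:]]|5\.8\.18\.7|89\.238\.176\.151' || true
}

# WordPress-side checks via WP-CLI; run as the site owner, not root.
wp_checks() {
    command -v wp >/dev/null 2>&1 || { echo 'wp-cli not installed'; return 0; }
    wp --path="$1" core verify-checksums          # core files vs. official hashes
    wp --path="$1" plugin verify-checksums --all  # plugin files vs. official hashes
    wp --path="$1" user list --role=administrator # look for accounts you do not know
    wp --path="$1" cron event list                # WordPress scheduled tasks
}

# Constructed sample: a clean file, a planted reference, a world-writable
# file, and a crontab with one entry that contacts a listed address.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/site/wp-content/themes/x"
    echo '<?php echo "hello";' > "$d/site/index.php"
    echo '<?php $h = "89.238.176.151"; // constructed' > "$d/site/wp-content/themes/x/functions.php"
    echo '<?php // constructed' > "$d/site/wp-content/uploads.php"
    chmod 666 "$d/site/wp-content/uploads.php"
    printf '%s\n' '# m h dom mon dow cmd' '0 3 * * * /usr/bin/backup.sh' \
        '*/5 * * * * curl -s http://5.8.18.7/ -o /dev/null' > "$d/crontab.txt"
    echo "$d"
}

# Usage (path is an assumption): sh triage.sh /var/www/html
if [ -n "${1:-}" ]; then
    find_c2_refs "$1"; find_world_writable "$1"; wp_checks "$1"
fi
```
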

Welcome To Roll With Safety

We are so glad you found us! We have been creating this website for the last several years. I’m the guy that took the message all for granted. I had safety meetings all the time. I was the boss and I didn’t listen to the meetings. I am very passionate about doing more than our job requires. I want to engage, educate, and entertain on a weekly and monthly basis.

Now you can have Chad on Demand

It’s about going home at the end of the day safe and sound. It’s about being able to kiss your wife and spend quality time with your kids. It’s about the simple everyday things that make your life, your life. Until, of course, you find yourself involved in an accident. Your life as you know it, will never be the same. Chad experienced his accident in 2001 because he was in a hurry. He wanted to get home and see his youngest son take his first steps. You see accidents did not happen to him, they only happened to the other guy.

Chad has stopped thousands of accidents from happening over the last 12 years …

Chad has been traveling around the world telling his story for over 10 years. Throughout the years Chad has produced several safety videos, written three books, and has spoken to literally millions of people. Chad is considered to be, by most, the world’s most effective safety speaker.
 
 

 
 

Chad is dedicated and passionately committed to getting his timeless message out to everyone. He knows the impact it has and he works tirelessly all year traveling worldwide. He realizes that timing, logistics and budgets have made it difficult for some companies to bring his message directly to them. He is so excited because now he can reach so many more people with his new program Roll With Safety. He knows the more people he can touch the safer our workplaces and homes will become. For him that is what is most important.

Now you can have Chad streaming live at your company with the Roll With Safety Program. He will customize his message directly to meet your individual needs and work with you to have the time he spends with you make a powerful and lasting impact.

Roll With Safety Program

I can’t believe that I’m the man that took the shortcut. I didn’t plan on it happening to me. I can’t believe that I sat in meetings, gave presentations, and then skipped a pre-op, which led to my accident. I would like to engage with all of you on a regular basis through technology. With this technology we can keep the Roll With Safety message alive. We want you to go home the way you went to work.


 
 

The 3 Advantages to Roll With Safety

Chad discusses the three main components and advantages of the Roll With Safety program and why you should become a member and enjoy the benefits.

Shondell Speaks

Chad’s wife, Shondell, speaks about Chad’s accident and the effect it has had on his family.

The Flip Side

Chad’s wife, Shondell, speaks about the effect of Chad’s accident on their family.

Hello world!

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!

What You Believe About You

On an episode of Believe TV Chad discusses how your beliefs about yourself = the results you get in your life.