Chiang Mai City Life


Chiangmai1st

God, I am so sorry. Please avoid it until further notice. We had the all clear yesterday but got attacked again and now have all clear. But best to avoid it for now. I will tell you when it is perfectly safe. I am so sorry. This sucks. Pim

Not your fault Pim, no worries. It's all clear for me now anyway. Thought I'd let you know. :)

... besides cleaning what's on the server, make sure the staff changes all passwords and that anyone having access to the server gets their own computers cleaned as well!

It'll take a couple of "clean weeks" - i.e. weeks with no reappearances - before Google, etc. will remove their warnings.

Can recognize the picture from a situation I was in last year. I'm a web developer and a bunch of my clients got their sites infected. It turned out that some Chinese had invented a BRAND NEW virus, which infected my work computer and picked the passwords from the program I used for FTP and thereby gained access to modify source code on the server at will. --- What these culprits did was to add a few lines redirecting visitors to my decent clients' sites to some Chinese malware site that attempted to download virus to the visitor's computer.

No, I'm not careless. I have virus protection installed that gets updated 4 times a day - the keyword in the preceding paragraph is "BRAND NEW". New vira surface all the time and not even the most powerful virus protection can protect you against a virus that isn't registered in their database.

To those who have visited the sites in question in this thread, without warnings of any kind, I'd suggest you get your computers scanned with an updated virus scanner before you log in to your web bank next time.


Que? Surely not. I haven't seen such a thing. Surely not. How awful if so. (Tourist Police? We weren't being portrayed as naughty tourists were we?) OK, am rushing off for a look now...yikes.

Many apologies. I had a better look yesterday and it isn't you or hubby.

Let's see:

1.) You still use FTP, an antiquated protocol that transmits passwords in PLAIN TEXT.

2.) You expose the FTP service on the servers to the entire world instead of limiting access to a few source netblocks.

3.) You use an operating system (Windows) that is inherently vulnerable to malware.

4.) You are storing client passwords insecurely on your local machine.

5.) You executed and/or accessed some questionable material which caused your infection in the first place.

6.) You don't understand how anti-virus detection works. "New vira surface all the time and not even the most powerful virus protection can protect you against a virus that isn't registered in their database." <-- This is an inaccurate statement. Suggest you google heuristic analysis and how it relates to malware detection.

Nope, you are not careless at all.... :jerk:

-Mestizo

Let's see:

1.) You still use FTP, an antiquated protocol that transmits passwords in PLAIN TEXT.

Which alternative would you suggest for uploading source code to servers that do not offer other options (which includes all servers I've ever known)?

2.) You expose the FTP service on the servers to the entire world instead of limiting access to a few source netblocks.

Would you care to evolve a bit on what you mean?

3.) You use an operating system (Windows) that is inherently vulnerable to malware.

Mostly I'm using Kubuntu, but do occasionally switch to Windows, because I need to check how things look in IExplorer.

4.) You are storing client passwords insecurely on your local machine.

No, I'm not. The password was stored, encrypted by my FTP-program, which was on the list, later published, of programs the malware producers knew how to hack into.

5.) You executed and/or accessed some questionable material which caused your infection in the first place.

Like e.g. the material offered by Citylife?

6.) You don't understand how anti-virus detection works. "New vira surface all the time and not even the most powerful virus protection can protect you against a virus that isn't registered in their database." <-- This is an inaccurate statement. Suggest you google heuristic analysis and how it relates to malware detection.

I'm quite familiar with heuristic analysis, even to the extent that I know it isn't fail proof.

Nope, you are not careless at all.... :jerk:

Yes, you are very naive if you believe something similar could never happen to you... Go :jerk: yourself - which you do appear to be pretty good at, by the way.

Edited by rishi

1.) scp/sftp. If your hosting provider does not offer those then maybe you were careless in your choice of providers.

2.) You should limit access to FTP/SSH/SCP/SFTP, etc. to only the source netblocks you will be accessing the service from. By reducing the exposure, you reduce the attack surface. This is easily done via iptables or tcp wrappers.

3.) Ok good. So only Windows when you need to look at a site in IE... But then why were you doing all your FTP'ing from Windows instead of Ubuntu??? Hmm... And why not run IE via Wine in Ubuntu and not have to switch in the first place?

4.) "Stored encrypted by FTP program" absolutely does NOT equate to stored securely. Passwords should be stored in a strongly encrypted vault application. I suggest you look into Keepass or something similar. What you have done is the real world equivalent of being surprised when a thief is able to break into your home and steal your valuable jewels from the shoebox that you had clearly secured shut with a couple pieces of duct tape. Your stuff shoulda been in a proper safe.

5.) In combination with your response on #3, this is really sounding like a bit of BS to me.

6.) Excellent! I spent about 5 years working with the guy that wrote the first ever anti-virus program (Norton) along with the guys that ran the malware research and AV product certification arms of ICSALabs. The 2 key things they impressed upon me were that it all boils down to two things. Common sense and synergistic layers of controls. Meaning that if you use a bit of common sense and configure/maintain your machine properly (routinely apply patches, disable unnecessary services, configure your host firewall, configure your mail client to not execute attachments, lock down network shares, etc)

Naive> Nope, nothing like this has NEVER happened to me and most likely never will. Most security failures are usually the result of the end user not exercising common sense. Additionally, after more than a decade of working in the infosec world, I am just a wee bit past the naivety stage.

For the rest of you, my message is this. Don't fall victim to the fear mongering. You are not some defenseless person that some evil Chinese hacker is out to get. If you practice safe computing and exercise some common sense, you'll be OK.

-Apply those Windows patches when they come out.

-Don't open suspect emails from names you don't recognize or click on attachments that you are not sure of.

-Don't allow applications to auto-save your passwords, SSNs, credit card numbers, or personal information. If you need to save that stuff on your computer, look at applications such as Keepass.

-Install an anti-virus program and keep it up to date. My preference is "avast!", which is 100% free for non-commercial use.

-Ensure your computer's firewall is turned on.

-Don't plug random USB drives into your computer.

-If you are going to access "questionable" sites, exercise extreme caution. As an extra layer of protection, consider opening them in "private browsing mode", i.e. an Incognito window in Google Chrome.

-Be very aware of what you type over a wireless connection. Consider this information public.

-If you use a public computer in an internet cafe, make SURE you log out of the web application, clear the browsing cache/ cookies if possible, and then completely shut down the browser.

-If you use a public computer in an internet cafe, be wary of keystroke loggers. One trick I like to do is to type a couple letters of my password, then cut and paste the next from characters of text on the page, and then type the last few letters if necessary. Another thing I sometimes do, is carry a USB thumb drive with portable apps. I can cut and paste my password directly from portable version of Keepass and use the portable version of Firefox or Chrome.

It's really as simple as that :)

-Mestizo
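
The netblock restriction from point 2 of the post above, sketched as an added example (not code from the thread or from any poster): a shell script that prints an iptables-restore ruleset allowing SSH, and therefore scp/sftp, only from listed source netblocks while leaving plaintext FTP closed. The netblocks, port variables and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that lets only listed source
# netblocks reach SSH (scp/sftp). The netblocks are constructed documentation
# ranges (RFC 5737) and the port choices are assumptions, not from the thread.
ALLOWED_NETBLOCKS="203.0.113.0/24 198.51.100.17/32"
SSH_PORT=22        # scp and sftp both run over SSH
FTP_PORT=21        # plaintext FTP: closed to everyone
WEB_PORTS="80,443" # the public site itself stays reachable

# Succeed only if $1 is an IPv4 CIDR block of the form a.b.c.d/n.
valid_cidr() {
    addr=${1%/*}; bits=${1#*/}
    [ "$addr" != "$1" ] || return 1                 # no "/" in the argument
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -f; set -- $addr; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the ruleset; print nothing and fail if any netblock is malformed,
# so a typo can never produce a half-open firewall.
emit_rules() {
    for block in $ALLOWED_NETBLOCKS; do
        valid_cidr "$block" || { echo "bad netblock: $block" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p tcp -m multiport --dports $WEB_PORTS -j ACCEPT"
    for block in $ALLOWED_NETBLOCKS; do
        echo "-A INPUT -p tcp -s $block --dport $SSH_PORT -j ACCEPT"
    done
    # Log refused SSH attempts, then drop FTP and SSH for everyone else.
    echo "-A INPUT -p tcp --dport $SSH_PORT -j LOG --log-prefix \"ssh-denied: \""
    echo "-A INPUT -p tcp -m multiport --dports $FTP_PORT,$SSH_PORT -j DROP"
    echo "COMMIT"
}

# Review the output, then as root: emit_rules | iptables-restore --test
emit_rules
```

Apply it from a console session or with a scheduled rollback in place, since a wrong netblock locks out the administrator's own SSH access.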
