Sometime in the last few months, there was an issue with accessing the admin side of the site. During this time, a black hat inserted malware into the site. This added code to the javascript that runs on your browser. We have evaluated that code and all it does is send back a short message to the site which in turn forwards that message to “home”.
No information was taken from the site. No information was taken from your computer.
If you ever see anything on the site that makes you go “hmmmm” please contact Miguel and let us know.
Thanks, AWA
P.S. we removed code from some 1300 different files, we evaluated some 3000 files in the process.
Thanks for the report.
Damn that sucks. Thanks for the disclosure.
Get some Wordfence installed. Super handy
Did this script insert any code on visiting computers? Do we need to look to see if any of our files were infected?
This javascript code did exactly one thing, it sent a token back to GFZ which was then forwarded. No information was taken from your computer, no modifications were made to files on your computer by this javascript.
When we detect code that can actually cause harm to other computers, we shut the site down until we can verify it is clean. That was not the case this time. We let the malware run until we could remove all of the malware at one time. That way, by the time the black hat knows something is up, they are already locked out.
Well done!
–
Thanks, AWA! Both for the work and for the disclosure! 🙂
Thank You for your diligence
So I’m not a computer guy, at all. At All. I can barely make this thing work.
Though i find perverse joy in Obliterating them when i have had enough of there BS. And Printers also?
Whats “The Message” and where is “Home”
Just curious.
Thanx for the info.
Where was “home”? DHS? NSA? Brady Campaign?
Man computers are the worst.
And look at you guys already better than just about every “real” journalist and now you can add better than lots of tech companies.