Google removed the warning for NikonRumors.com

Google lifted the warning for NikonRumors.com. You can now safely access the site. As far as I know, not a single reader was infected with any type of malware. Again, I apologize for the inconvenience. I have taken all security steps recommended by WordPress, but it seems that this type of malware is common for my current host. As far as I know this was not a targeted attack. I do take this very seriously and I will be moving to a new hosting company soon.

When the main site is down, you can always get the latest updates from:


40 Comments

  1. Jabs
    Posted August 27, 2010 at 9:14 am | Permalink

    Congratulations Administrator,
    Many perhaps were infected by or through Windows flaws, Java Script exploits or even Firefox/Chrome exploits.
    There is an ongoing serious situation now, so perhaps be vigilant.

    • Posted August 27, 2010 at 3:03 pm | Permalink

      I am moving to a new host/server, hopefully early next week. In addition, I already had security monitoring through sucuri.net.

      • iamlucky13
        Posted August 27, 2010 at 3:20 pm | Permalink

        Have you verified whether the host was compromised or if the malware was delivered via one of your ad vendors? Both are hypothetically possible, so if you switch hosts but it turns out to be an ad vendor that you kept, the problem could recur.

        • Posted August 27, 2010 at 3:36 pm | Permalink

          I doubt it’s from the ads, I am using Google, Amazon and NetShelter (used also by MacRumors), the rest of the ads are just hyperlinked images. The description of the malware I had clearly said that it is typical from my host MediaTemple.

          • iamlucky13
            Posted August 31, 2010 at 8:29 pm | Permalink

            Ok. That sounds good.

            Just offering a tip to make sure that possibility was covered against.

  2. Mikils
    Posted August 27, 2010 at 9:19 am | Permalink

    glad to have you back!

  3. Banned
    Posted August 27, 2010 at 9:30 am | Permalink

    What is your host admin?

    • Posted August 27, 2010 at 3:04 pm | Permalink

      Media Temple – I was very happy the last 2 years, not any more.

  4. JMD,..in Northern VA
    Posted August 27, 2010 at 9:41 am | Permalink

    …I just did a full scan,…nothing here!

    JMD

  5. CJW
    Posted August 27, 2010 at 9:58 am | Permalink

    I did get two malware from your site. I scan everyday with Malwarebytes and it found two. It was able to delete them.

  6. mart
    Posted August 27, 2010 at 10:07 am | Permalink

    I’m still getting the Google warning, twice a visit.

  7. ThreeXH
    Posted August 27, 2010 at 10:19 am | Permalink

    Thankfully NOD32 blocked all the malware from infecting my machine before the Google warning was put in place. Stopped browsing the front page as soon as I was spammed with AV popups. Have just been using Google Reader up till now. Glad to see the issue is now resolved. Just goes to show how important good AV protection is these days.

    • JorPet
      Posted August 27, 2010 at 10:35 am | Permalink

      I wonder if it is getting here some other way. I never did see warnings, but then Firefox blocks everything that isn’t coming from the actual site I visit for me and I am behind physical firewalls and have firewall software and software scanning on every machine, so never is an issue for me.

  8. max
    Posted August 27, 2010 at 11:02 am | Permalink

    I got my site infected with something similar… it’s an exploit that uses one of the keys that nobody changes…

    It was a pain in the ass to remove!!

  9. Bill Rees
    Posted August 27, 2010 at 11:03 am | Permalink

    I just received the warning and clicked through. A java malware / trojan was launched but caught by MSE. This is coming from one of your ad networks.

  10. John
    Posted August 27, 2010 at 11:47 am | Permalink

    Well, unfortunately for me my link scanner option in AVG was not active on one of my machines and it got infected.
    So you have at least one person that did get infected and I suspect there are others who have just not reported it.
    AVG seems to have eventually gotten rid of all the offending files as far as I can tell.
    So far no damage to the machine other than it’s missing a .dll that it wants to load at startup. My other machines that I accessed nikonrumors from did not have any issues.
    John

    • Anonymous
      Posted August 27, 2010 at 4:27 pm | Permalink

      I did get a warning on a PC I was using with AVG. (I am normally on a Mac.) Over the weekend, before the problem, a friend had told me that there were problems with AVG and that McAfee was recommended instead. I have not yet found any references confirming this though. I wonder what the straight skinny on AVG is.

    • Ronan
      Posted August 27, 2010 at 10:58 pm | Permalink

      AVG buahahaha there’s your problem LOL!

      Running Avast Pro (latest version) + Malwarebytes (Full) and never have any viruses/trojans/malware/etc.

  11. Posted August 27, 2010 at 2:55 pm | Permalink

    sorry to say but my internet security still shows warning.

    • Posted August 27, 2010 at 3:05 pm | Permalink

      try to clean your cache – I think you may still have cached the warning page.

  12. Sam
    Posted August 27, 2010 at 2:59 pm | Permalink

    I did get infected but did a full scan today and removed them all. No hard feelings!

    • Posted August 27, 2010 at 3:04 pm | Permalink

      sorry, glad everything got cleared

      • jimmy
        Posted August 27, 2010 at 8:23 pm | Permalink

        I got infected also, spybot was able to remove it though. no hard feelings either.

      • Sam
        Posted August 28, 2010 at 5:58 pm | Permalink

        No worries. Not your fault and this is a great site.

  13. Dean
    Posted August 27, 2010 at 3:23 pm | Permalink

    Correct me if I’m wrong, but instead of:
    “I do take this very serious and I will be moving to a new hosting company soon.”
    Shouldn’t it be:
    “I do take this very seriously and I will be moving to a new hosting company soon.”

  14. beb jush
    Posted August 27, 2010 at 3:24 pm | Permalink

    If Google is saying this site is safe, how come Firefox is still blocking it???

  15. Posted August 27, 2010 at 4:40 pm | Permalink

    http://www.zarias.com got the same malware, the site is also hosted on MediaTemple

    • lolcatmaster FTW
      Posted August 29, 2010 at 2:04 pm | Permalink

      It has to do more with the security of WordPress than with the host (although the host has some blame too). The thing is being on top of security patches, but this won’t be a warranty for a clean site; remember that the security patches are issued after a hole in the security has been exploited.

      I will sound silly but that is one of the advantages of Blogger, you don’t get to deal with this kind of stuff.

  16. Posted August 27, 2010 at 4:47 pm | Permalink

    No need to apologize. You’re doing a great job. Thank You. :)

  17. Hopscotch
    Posted August 27, 2010 at 5:59 pm | Permalink

    I ended up with a total of 4 Trojan Horses after performing a full scan on my machine. My PC runs a monthly scan and I’ve never had a Trojan (or any other virus) before, so I can’t help but believe it came from here. The last scan was run a couple of weeks ago with nothing detected. No bad feelings, though. I realize it wasn’t NR’s fault. Thanks for correcting it and bringing it to light so everyone could scan their machines before anything worse happened!

  18. Alex
    Posted August 27, 2010 at 9:12 pm | Permalink

    Might I suggest Squarespace? They will let you import your site so downtime would be minimal. It is what I use and I have no crazy problems. Good to have you back up and running though! :)

  19. Ronan
    Posted August 27, 2010 at 10:59 pm | Permalink

    Go with IXWebhosting, I run multiple websites with them, great service/pricing.

    I have also set up a couple businesses with them, no issues (+4 years and counting).

  20. Posted August 28, 2010 at 1:32 am | Permalink

    It seems some (or many) websites were compromised.

    A renowned forum was also attacked to exploit a vulnerability on the banner ads. Hacker changed banners code to automatically download (in some systems and browsers) a malware (trojan). Now it’s fixed.

    Windows systems with non up-to-date internet browsers (and plug-ins in case they are installed, such as Adobe Reader, Java support, etc) are the main target, and can be really at risk.

    On Windows systems users MUST have an up to date Antivirus, Browser and plug-ins. Sad but true.

    • lolcatmaster FTW
      Posted August 29, 2010 at 2:13 pm | Permalink

      Even Chrome and Firefox with the latest version of the browsers users were affected by this problem, as an example I use Chrome and all my plug-ins were up to date and the browser prompted downloads, there is no guarantee that having them to the latest version will keep things clean (Most security patches are issued AFTER a security hole has been exploited in the blog software and/or plugins).

      There are plenty of security holes in other OS too, the thing is how little press they get thanks to their PR machine (Apple as an example) http://macviruscom.wordpress.com/ even in their mobile phone’s OS (which mac had a problem they tried to keep hush-hush… an exploit that allowed someone to control a phone and they did an update only because it would help to stop jailbreaking and not because of the security concern -they simply don’t want to admit it-.

      There’s not such a thing as a safe OS, there are only OS’ with less people interested on trying to break them apart… So stop being so patronizing.

  21. snorri
    Posted August 28, 2010 at 3:51 am | Permalink

    As far as I know, not a single reader was infected with any type of malware.

    I’m afraid I was, just as I suspected.

    After getting the update for my antivirus software (which unfortunately had expired just a few days ago), a full system scan found and removed the malware “Trojan.Gen” in a Java file on my computer. Since a Java window had opened when I visited nikonrumors while it was infected, I strongly suspect that I got it here.

    So, unless you are sure you weren’t hit, get a good antivirus software (I use Norton AntiVirus) and let it look for this thing.

  22. Posted August 28, 2010 at 5:25 am | Permalink

    Few links that might be worth reading:

    http://wordpress.org/support/topic/blog-infected-with-malware
    http://www.uhleeka.com/blog/2010/07/johnnya-wordpress-malware-on-mediatemple/

    I cannot speculate the issue further without knowing how different users access MT stuff or databases etc. Personally I would recheck the write permissions on WP Super Cache configuration files as they need to be relaxed (or manually updated) on installation and some might not remember to tighten them afterwards.

  23. alouette
    Posted August 28, 2010 at 7:53 am | Permalink

    actually I was infected by malware just when I visited nikonrumors.com 2 days ago (or was it already 3 days?).

    Thanks to Malwarebytes’ Anti-Malware I was able to remove the malware quickly!

  24. outlandish
    Posted August 28, 2010 at 10:28 am | Permalink

    Exploit Phoenix Exploit Kit (type 1593) Google Chrome :/ AVG blocked it, but still

  25. David
    Posted August 28, 2010 at 11:13 am | Permalink

    sweet. I was wondering why I keep getting the warning the other day.

  26. Posted August 28, 2010 at 12:37 pm | Permalink

    I had a trojan horse. I’m thanking Hitman Pro for removing it! It has a 30 days trial download which helped me remove the program.