Blog > Pica Service Announcement > Something Funny in the State of Maine

Something Funny in the State of Maine

Within the last three weeks we’ve been noticing a show-stopping trend. We’ve found more than one local area site plagued by this notice:

Suspected Malware Notice

The problem is usually a piece of javascript that a hacker has added to the site. It can easily be removed as long as you can find the infected files and remove the necessary code. We’re trying to figure out if this is a local occurence, or something that’s more widespread. We’d love to hear from you if you have any idea as to the source of the attacks, or encounter other sites that have been attacked. And as always, keep your passwords tough to guess, and close to the chest!

This entry was posted on Friday, June 12th, 2009 at 7:18 am and is filed under Pica Service Announcement, Tech, Websites. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses to “Something Funny in the State of Maine”

  1. Tim Shackelford Tim Shackelford Says:
    June 12th, 2009 at 7:44 am

    I experienced 7 sites hacked with this same attack in the last couple of weeks. I believe I found the root. A malware infected Windows PC that I wasn’t even using for anything but streaming Hulu to a TV.

    This used to be a development computer so I had Dreamweaver on it and was using Dreamweaver to manage FTP connections to the sites I worked on. Out of 9 FTP profiles in Dreamweaver, 7 were hacked, 1 did not have an index page, and 1 had switched hosting companies. I’m still not certain how the malware got on that machine in the first place, but I have a feeling it probably occurred when visiting an infected site prior to the site being flagged and the warning being displayed.

    The drastic but recommended solution, reformat the PC, clean the code from the website (I had great success by doing a site-wide find on the term “unescape”), then be sure to change the FTP password for the infected site.

    Hope this helps!

  2. Cait Cait Says:
    June 12th, 2009 at 1:36 pm

    I’m so glad you were able to figure out the source and clear it up. We’ve seen the same issue on two other local sites that aren’t ours, but are hosted locally. It would be interesting to know if the code on all is the same, and if they share hosting.

  3. Justin Justin Says:
    June 13th, 2009 at 9:20 am

    I’ve also found that sites that use older versions of software packages (WordPress, phpBB, etc.) tend to be very vulnerable to these kinds of attacks. It’s important for someone – whether it’s the site owner or a company that manages the site for a business – to keep that sort of software as up-to-date as possible!

  4. Cait Cait Says:
    June 15th, 2009 at 7:21 am

    Absolutely. It’s essential to keep up to date with the software packages – open source ones particularly. But at least one of the ones I’ve seen has been just html, and on a well protected local host.

  5. Tim Shackelford Tim Shackelford Says:
    June 16th, 2009 at 8:03 am

    Several of the sites that I dealt with recently were just plain HTML sites with no dynamic content and no CMS of any sort. These were basic brochure sites.

    In this case it was just an infected PC running FTP software that was compromised. This could even happen if a client using Contribute or similar site management software had their PC infected.

    I haven’t heard yet if Macs have also been infected by this malware, but for now FTP info stored on my Mac seems to be safe despite sharing a network with the infected PC.

Leave a Reply