This is a story of how my travel blog (and website) was hijacked by malware. Apparently the hijacking took place while I was staying on the island of Langkawi, one of the most popular beach resorts in Malaysia. I had checked into AB Motel on December 5th and I decided to pay for their daily internet access at 10RM per day (about 3.50USD). While surfing on the internet on my first or 2nd night there, a very loud popup ad appeared on my screen - the popup was luring me to do a free antivirus scan of my system. My gut feeling was that this invitation was bad news, however I clicked something which initiated the download. It took a while before I was able to halt the progress of the download, as the damn window would not go away immediately. I didn’t realize it at the time, but I have a feeling that is how the malware was able to sneak into the very core of my website.

Later on that evening, I tried updating my WordPress Blog in the Firefox browser using the WordPress automatic updater plugin and received a warning from Norton Antivirus that my computer was being attacked, and the installation of the update was aborted. I clicked on the link requesting more information on this attack, and I got the following explanation from Norton (see picture). Undeterred, I tried installing the update with Internet Explorer – this time, I didn’t get the warming from Norton, but the browser informed me that this address couldn’t be displayed at this time and to my check my browser settings. You know the standard stuff…

Somewhat disturbed about this new development, I called my Webmaster in Thailand. We concluded that a bug had corrupted the WP automatic upgrade plugin, which caused the installation to fail. In the days to follow, I continued to blog about my 30-day travel odyssey, but when checking my traffic numbers I discovered that visits to my site had dropped over 80%. Very disturbing to say the least, but I let the matter slide! It was only several weeks later, after returning home to the USA, that I realized the true nature of this nasty malware - how it attached itself to my website like a leech, stealing all my search engine and web traffic.

Here’s how the malware worked – Using the Firefox browser, when people clicked on a search engine listing which linked back to my blog/website, they were either directed to a different and totally unrelated website or if they had a malware detection software on their computer, they received a warning that their computer was being attacked. In the latter instance, when using Internet explorer, the clickthrough would bring up the standard “this address couldn’t be displayed at this time and to your browser settings”. In addition, any hyperlinks to my site sent by e-mail, would behave the same way. No wonder, my traffics figures were way down!

Next – how my Webmaster figured out how to extricate the malware bug from my Website (the Fix), and how you can protect yourself your website from being hijacked!

Tags: Internet, Malaysia, malware

This entry was posted on Tuesday, January 13th, 2009 at 9:20 am and is filed under Internet, Malaysia, malware, travel. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.