A Cautionary Tale
Well folks, today I’ve got a story I’d rather not tell. I report on a lot of security issues, that have to do with computers and the web, but I haven’t been the subject of a report until now! You say, “Say it ain’t so Dr. Bill!” Sorry, but it’s true, it just goes to show that anybody can be caught up in a security issue if you’re not careful.
Let’s look at what happened, and I’ll explain the situation. I was minding my own business a few days ago checking out things on Facebook, when a friend of mine sent me a Facebook message they told me that they had seen an article in a computer blog that seem to reference one of my websites. I thought to myself, “What’s this about?” I checked out the article, and sure enough, there for all to see was the web address of one of my old websites! The problem with being a webmaster, particularly being one as long as I have been one, is that you can have old sites that are not properly cleaned up, and disposed of.
It’s not enough to decommission a website by simply getting rid of the domain name link and not deleting the old files, the old references, etc. as a webmaster you have to do a more thorough job cleaning up after yourself. And this is where my “mea culpa” comes in. I had a website many years ago and though I cleaned it up to a certain extent, I left the directory, which was actually a subdirectory on another site available to the web. Big mistake!
The article that my friend pointed me to was from a blog called “Bleeping Computer” in which they discussed the hack of the popular VSDC website. Now, VSDC is the video editor that I use for my video programs, and they do a great job of producing the software… which is very popular with a lot of folks around the web. It appears that their site had been hacked such that folks that downloaded the files off of the VSDC website were then infected by means of files that actually came off one of my old websites that had been hacked!
I found myself in the unenviable position of having to own up to the fact that I had allowed one of my old sites to be hacked and used for this exploit. Which I did in a comment on the “Bleeping Computer” article. I have to admit it was hard to swallow my pride and own up to the fact that one of my web old sites had been hacked and used for this exploit.
I’ve since cleaned up the site properly and VSDC has cleaned up their site and they are no longer propagating this exploit from their site downloads as well. The author of the article did point out, and I agree, that VSDC did a great job of just owning up to the fact that they had been hacked, and then took care of the issue quickly. This doesn’t happen very often; most of the time organizations will ignore, or deny, the fact that they been a victim of a hack.
I have much respect for the fact that VSDC did own up to the issue and fixed it. I trust that folks that read the article, and my comment, will also understand that I was a victim as well, and in no way related to any of the knuckleheads that actually perpetrated the attack on VSDC and the folks that downloaded files from that site.
Now, pardon me, as I slink off to lick my wounds and vow to be more careful about the future disposition of all my old websites! By the way, if you are a webmaster, and have old sites that could be commandeered and used as mine was, please take a moment to go clean up your sites as I did mine!
Here’s the article in question: Popular Software Site Hacked to Redirect Users to Keylogger, Infostealer, More