About Last Week’s Malware Attack


    As you may have noticed, on Thursday November 17th we received a warning from Google
    that an automated scan had discovered that some of our site’s pages could “cause users
    to be infected with malware.” Immediately after we were notified of this issue, our
    hosting provider and website developers worked together to identify and remove
    the threat, which was initially completed by mid-morning Thursday.

    Unfortunately, later that afternoon our site was hacked again, which caused
    us to take the site off-line for several hours. After removing the new malware
    script, we proceeded to implement even more rigorous security precautions,
    above and beyond industry-standard practices for a site like this. This was
    all completed by mid-day Friday, and our site was certified as malware-free
    by Google that afternoon.

    In terms of the immediate effects, from Wednesday to Friday we saw an 88%
    drop in traffic and a dramatic increase in our bounce rate. Although we were
    sorry to incur the loss in traffic and the out-of-pocket expenses of
    recovering from this attack, we do think this is a good example of how the
    free market worked to thwart malware without government intervention.

    Another theory pushed by certain proponents of SOPA is that
    the malware warnings on our site are somehow analogous to, and a justification
    for, the DNS blocking provisions in SOPA. (Note: the specific malware warnings in
    question were not implemented through the DNS system; they use browser-based
    technology, similar to anti-virus software, to protect their users.)

    Perhaps if these proponents had pushed for someone with
    technical expertise to testify about the DNS blocking provisions in SOPA at the
    hearing last week, they would have learned why DNS blocking is a terrible and
    ineffective approach to shutting down a website.

    In fact, PK’s particular situation actually illustrates why
    DNS blocking is a bad idea:

    • In this situation, the malcode blocking was a
      warning from Google, which occurred well after leaving the DNS and hitting our site.
    • If you used Internet Explorer or a mobile
      device, you most likely didn’t see the warning.
    • If you followed PK on Twitter
      or Facebook, you could have accessed our site without seeing the warning by typing in
      our IP address: 71.6.218.209

    So in brief, if individuals were to begin accessing sites directly
    via their IP addresses, malware attacks such as these would be harder to detect
    and combat.

    Could Your System Have Been Affected?

    Short Answer: Very unlikely. Although the warning from Google was up for
    almost two days, the actual malware which caused it was only present for a
    few hours.

    Long Answer: If you followed the warning and navigated away from the
    site, you would not have been affected. However, even if you continued to browse
    the site (or never saw the warning because you were using Internet Explorer or
    Safari), if your operating system was up to date and you were running
    appropriate anti-virus software, it is extremely unlikely that your system was
    affected.

    What’s Next?

    We have changed hosting providers to our own dedicated,
    secure server and we are still very much investigating the execution of this
    attack in cooperation with federal, state, and local law enforcement agencies
    to report the intrusion.

    If you think your system might have been affected, please
    let me know.