Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 166 malicious pages. Your blog served up malware to 19 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, including ransomware and banking trojans. Cleaning up your blog will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html
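One way to check two items in the cleanup note above against the server's access log: requests from the listed command and control addresses, and how many search visitors actually reached the injected pages (the note's "site:your_site.com agreement" search implies those pages carried that word in their URLs). This is an added example, not the Internet Janitor's own tooling; the log lines, the "agreement" URL hint and the Apache 2.4 deny syntax are assumptions.

```python
import re
# C2 addresses named in the cleanup note above.
C2_IPS = {"5.8.18.7", "89.238.176.151"}

# Apache "combined" log format: ip ident user [time] "METHOD path PROTO" status bytes "referrer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
GOOGLE_REF = re.compile(r'^https?://(www\.)?google\.', re.I)

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(lines, injected_hint="agreement"):
    """Flag C2 traffic and count distinct visitors who reached an injected page via Google.
    injected_hint is an assumption: the note's 'site:your_site.com agreement' search
    implies the poisoned pages carried that word in their URLs."""
    c2_hits, victims = [], set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # skip truncated or non-combined lines
            continue
        if rec["ip"] in C2_IPS:
            c2_hits.append((rec["ip"], rec["method"], rec["path"]))
        elif injected_hint in rec["path"].lower() and GOOGLE_REF.match(rec["ref"]):
            victims.add(rec["ip"])
    return {"c2_hits": c2_hits, "victims": sorted(victims)}

def htaccess_deny(ips):
    """Apache 2.4 .htaccess block denying the given addresses (one of the note's three options)."""
    rules = "".join(f"    Require not ip {ip}\n" for ip in sorted(ips))
    return "<RequireAll>\n    Require all granted\n" + rules + "</RequireAll>\n"

# Constructed sample log lines (visitor addresses from the RFC 5737 documentation ranges).
SAMPLE_LOG = [
    '5.8.18.7 - - [01/Mar/2021:10:00:01 +0000] "POST /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Mar/2021:10:05:12 +0000] "GET /free-lease-agreement-template/ HTTP/1.1" 200 8120 "https://www.google.com/" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Mar/2021:10:05:40 +0000] "GET /free-lease-agreement-template/ HTTP/1.1" 200 8120 "https://www.google.com/" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Mar/2021:11:30:00 +0000] "GET /2020/rental-agreement/ HTTP/1.1" 200 7990 "https://www.google.co.uk/" "Mozilla/5.0"',
    '192.0.2.9 - - [01/Mar/2021:11:31:00 +0000] "GET /about/ HTTP/1.1" 200 3001 "-" "Mozilla/5.0"',
    '89.238.176.151 - - [01/Mar/2021:12:00:00 +0000] "GET /?p=1 HTTP/1.1" 200 420 "-" "curl/7.68.0"',
    'truncated line that does not match',
]
```

Feed the real access log in place of SAMPLE_LOG; the same visitor counts once, which is how a figure like "19 visitors" is arrived at.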

This message

Adopt and Embrace Yammer

Hi Yaminade listeners!

First of all – thank you so much for your support and continued listenership over the past year or so.  I really appreciate it!

I just wanted to post a quick update as to why the podcast has not had its regular cadence over the past couple of months.  There have been some exciting developments occurring which ultimately will ensure that you get even more value from your favourite Yammer podcast!

I am proud to share with you that I have left the security of my full time job with a Microsoft Partner to start a new venture – Adopt & Embrace – a company completely focused on helping you and your peers to get more value out of Yammer, Office 365 and the rest of Microsoft’s productivity technology suite.

Adopt & Embrace is focused on helping Microsoft Partners and their customers to increase active usage and adoption of collaborative technologies like Yammer — and the rest of the Office 365 platform.  Our philosophy is that your technology investment can’t realise its full potential until your people can get the most out of it.  This isn’t just about training, but a comprehensive adoption approach.  This includes requirements analysis, business case development, adoption planning, organisational change management, training, and optimisation.

If your organisation is looking to do it yourself and needs some guidance, maybe want to outsource to someone to get an outcome, or somewhere in between, we can work with your Microsoft Partner to help you achieve your business (not just technology) goals.

Thanks for your support and looking forward to producing more valuable content that you can action in your business over the coming months!

Cheers,

Paul W


Set your Out of Office message in Yammer

So you are about to go on that big family holiday?  Or you might be traveling interstate or overseas for work?  Either way chances are you already set an out of office reply for your email.  Usually we turn on our OOF message to set an expectation that you will not be as quick (or will not) respond to communication whilst we are away.  So how do we do that in our enterprise social network – especially where we may participate in our home community, as well as other external networks?

There is no “built in” out of office functionality in Yammer – and to be honest an auto-reply style out of office message like your email one wouldn’t work all that well in a community.  But remember this isn’t about sending emails to people after they try to get in touch with you – it is about setting an expectation that you will be a bit slow in participating in the conversation.

The most effective method I have come across I learned from watching the Yammer Customer Success Managers within the YCN.  Whenever they are travelling, or away on leave you will see their name appear like this…

First Name Last Name (OOF->23 Sep)… or
First Name Last Name ( ? Seattle )

What I like about this is that wherever you see that individual’s name within your Yammer network, or the network you are participating in, you know straight away that you will not get a reply straight away – and alternatively if you are in the city they are, you know you have a great chance to catch up in person.

So how do you set up your “Yammer Out of Office”?  All we are doing is just changing our surname in our profile.

  1. Log into Yammer
  2. Click on the “. . .” (More) button in the top right hand side of your Yammer screen
  3. Click “Edit Profile”
  4. Simply add your message to the end of your surname, for example…


  5. Click Save

Now everywhere in Yammer where I have posted, where I am mentioned, or even my search results all include my little out of office message. Just like this…

It is as simple as that. To turn your “out of office” off again, just repeat the process, but just leave your surname in the “Last Name” field.

Introducing The Yaminade

Yaminade noun.

  1. The stuff you need to know if you are launching, managing or participating in a Yammer Network
  2. Content that goes deeper to give you context and understanding, not just tactics
  3. An online resource that combines articles published online
  4. A podcast where you can hear from people just like you – and learn from the success (and mistakes) of other Yammer Community Managers
  5. A combination of the words Yammer, and Kool-aid or Lemonade.  A tasty drink enjoyed by many online

—–

Hi there.  My name is Paul Woods.  First of all, thank you for taking the time to visit The Yaminade.  The goal of The Yaminade is to build an online resource which helps the many people out there tasked with understanding, launching, managing, curating, controlling, or simply participating in their organisation’s Yammer network.

Maybe you have been using Yammer for years.  Maybe you don’t even know what it is – and are confused as to why an Enterprise would want to participate in Enterprise Social Networking?  Wherever you are on the spectrum, the idea of The Yaminade is:

  • to share the success of people just like you around the world
  • enable us to learn from the mistakes / successes of others
  • understand what works well in some industries and in some roles, that doesn’t work in others
  • to provide you and your team guidance to increase the success of your Yammer network through more and deeper engagement with your workforce.

So.  I can hear you asking… “Paul… Why should I listen to you?”

Well, I am not claiming to be the world’s leading Yammer or Enterprise Social expert.  But I do work with many organisations to help them navigate the challenges, pitfalls, and opportunities their Yammer network provides.  My background is in marketing communications – I have been responsible for supporting internal communication in listed companies – a similar role that many of you will hold today.

Beyond having a great interest in the field, I have been trained directly by Yammer’s Customer Success team… and hold the Yammer Power User, Yammer Administrator, and Yammer Community Manager certifications.

But enough about me.  This is really about us.  If any of you have tried to find information to start your Yammer journey chances are you were left scratching your head.  Beyond the (REALLY GOOD) resources available at success.yammer.com, or some water cooler conversations in the Yammer Customer Network… there are not very many places you can go to get context and understanding as to how best launch or manage your network.  There are plenty of step by step instructions, but they are generic and to be honest your mileage will vary depending on the organisation you apply them to.

The goal here is to go deeper.  Beyond the step by step instructions, and provide the real stories, where real people just like you have done exactly what you are trying to achieve.  Hopefully by bringing their stories together you can improve the performance of your business, government agency, not-for-profit, or organisation… and help empower people to work like a network.

So there you have it…. my simple manifesto for “The Yaminade”.  Deeper, more valuable content to help you get to grips with your Yammer network.  Thanks again for visiting…  I can’t wait to work with you and hear about your success in the future!


Cheers,

Paul Woods
Brisbane, Australia