A Small Orange Forums: System Compromise 07/09/09 - A Small Orange Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

System Compromise 07/09/09

#1 User is offline   -ASO- Frank

  • Very Large Orange
  • Icon
  • Group: Support
  • Posts: 616
  • Joined: 01-December 08

Posted 09 July 2009 - 06:19 AM

As many of you are aware, a large number of our systems were compromised this past evening. We tracked the attack down to an employee who was working from home. Apparently his PC was infected with a virus of some kind, at which time his password was stolen.

We are planning on implementing some additional security measures in the next few days to keep this from occuring again in the future.

Below are the status of the affected systems. If your system is not listed here, or listed in the "Fully restored" section, and are still experiencing issues, please feel free to contact our support department.

WARNING: During a short period of time during the attack, your site may have been redirected to a malware page promoting a "Web Accelerator" program. This file contains a virus identified as "Backdoor.Win32.VanBot!IK." Though the exposure time was very short, (less than 30 minutes) there is a possibility that users may have downloaded it. I would suggest informing your users of this and recommend that they run a virus scan and take measures to ensure their system is clean if they happened to download it.


Fully Restored

* aaron.asmallorange.com
* adam.asmallorange.com
* adama.asmallorange.com
* alex.asmallorange.com
* alvar.asmallorange.com
* amelia.asmallorange.com
* analucia.asmallorange.com
* apollo.asmallorange.com
* arzt.asmallorange.com
* athena.asmallorange.com
* bea.asmallorange.com
* ben.asmallorange.com
* bernard.asmallorange.com -> moved to pierre.asmallorange.com (75.127.98.111)
* brian.asmallorange.com
* boomer.asmallorange.com
* boone.asmallorange.com
* caesar.asmallorange.com
* cally.asmallorange.com
* carmen.asmallorange.com
* charlotte.asmallorange.com
* christian.asmallorange.com
* colleen.asmallorange.com
* cindy.asmallorange.com
* daniel.asmallorange.com
* desmond.asmallorange.com

I will try to update this thread as more information becomes available.

UPDATED: 7-10-09 / 8:19 EST
Frank Laszlo
Code Ninja
A Small Orange Software
"Working all night so I can sleep all day"

Need Help? Check our Wiki!
0

#2 User is offline   -ASO- Andrew

  • Rather Big Orange
  • Icon
  • Group: Admin
  • Posts: 395
  • Joined: 18-September 06

Posted 09 July 2009 - 04:50 PM

The "Fully Restored" list means that the server backup/restore process was complete, but there may still be some issues with individual accounts. If you have any problems with a site missing data on a "fully restored" server, please submit a support ticket.


.
Please do not PM me with support requests.
Instead, use the Ticket System or send an email to help@asmallorange.com
0

#3 User is offline   -ASO- Frank

  • Very Large Orange
  • Icon
  • Group: Support
  • Posts: 616
  • Joined: 01-December 08

Posted 10 July 2009 - 07:20 AM

All servers are now back online.
Frank Laszlo
Code Ninja
A Small Orange Software
"Working all night so I can sleep all day"

Need Help? Check our Wiki!
0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users