JLF, CJ Sites Hacked; Malicious Code Detected, Removed

CJ Staff

April 28, 2010

Listen to this story (3 minutes)

Due to malicious computer code that was appended to the advertisements appearing on Carolina Journal Online and the John Locke Foundation’s other websites, many visitors to these sites had a tough time accessing them for the better part of two days.

DesignHammer, the Durham-based firm that handles JLF’s website design and development, believes the code never threatened to compromise the security of any computer that visited the sites. Nor were viruses or worms likely to be transmitted by the “malware.” In e-mail correspondence, DesignHammer Managing Partner David Minton said the code was added to every advertisement on the sites, from either someone targeting JLF or an automated, random attack. Those questions may never be answered, Minton said, as “these sorts of things are usually well-obfuscated.”

Around 2:30 p.m. April 26, a warning message was posted on the JLF sites from Google that the Web pages were “attack sites.” The message suggested anyone attempting to access the sites could leave their computers vulnerable to viruses or other security breaches. These warnings appear to have affected primarily users of the Safari and Firefox computer Web browsers; people loading Internet Explorer from a computer or using a smart phone Web browser apparently could view the sites without problems.

DesignHammer soon discovered a security problem with the servers handling external ads on the websites and that the malicious code had been added to every ad on JLF’s Web pages. Google detected the code and posted its attack-site warning.

DesignHammer staff found the offending code, spent several hours removing it, and by late Monday night notified Google that the problem had been fixed and the attack warnings could be removed.

Though Firefox users could view the sites by disabling a security option in their browsers, Google did not remove warnings from some of the pages for more than 24 hours. Minton said that, even though it was safe to visit the JLF pages, DesignHammer could not remove the warnings. Google had to verify each site, and, as Minton said in an e-mail at 11:38 a.m. April 27, “Google moves at their own pace, and there is no way to interact with them. … Google doesn’t send any update — I have just been checking periodically.”

Anyone continuing to find an attack message on a JLF website should be able to remove it by clearing your cache.

Related

VinFast changes gears again over size of assembly building

Chatham County slams the brakes on VinFast as company changes plans

RTP Biotech company granted $15 million JDIG agreement

NC drivers paying less than most for auto insurance across the country