Malware ate my homework
Missing homework used to be blamed on the family dog, but now the focus has shifted to the computer. And sometimes – as this user note shows – malware really is to blame.
“My avast! Free version will not let me check teacher's blogs at my daughter's high school website. avast! just started blocking this site about 1 week ago. We can't find any way on avast! Free to "allow" a trusted site. What do we do?” wrote a concerned parent from Harrison High School in Georgia.
The problem was not with avast! – the school’s site (http://harrisonhigh.org) really did have an infection.
“For unprotected visitors, it was the same schema as usual,” says Jan Sirmer, analyst at the AVAST Virus Lab. “A screen with a fake AV appears in browser and forces you to download that AV and pay money for it.”
“The attack, not surprisingly :), focused on WordPress,” he adds. “There were redirections to sub-sites at rr.nu. There we detected more sites such as cie69svoi.rr.nu and ordonv12ectorct.rr.nu. Those sites redirected visitors to a site with the rogue antivirus.”
In this case, the concerned parents did the right thing. Instead of switching their avast! off so they could visit this “trusted” site, they wrote a note to the AVAST Virus Lab. That likely saved them from installing a fake antivirus on their computer.
The AVAST Virus Lab is not sure how this school site came to be infected. It could have been vulnerable through outdated software or simply had the malware brought into school on an infected memory stick. Issues with WordPress and connected plugins are common. A recent review of over 6,000 infected sites with the “.com” top-level domain showed that 13.6% of them involved WordPress vulnerabilities.
But, the moral of the story is clear: If you get a malware alert, pay attention. Especially if it is a trusted site like your kid’s school.