Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 383 malicious pages. Your blogged served up malware to 0 visitors.

I tried my best to clean up the infection, but I would do the following:

• Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
• Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
• Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
• Verify all users are valid (in case the attackers left a backup account, to get back in)
• Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
• Run antivirus scans on your server
• Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
• Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
• Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
  and Wordfence Security, all do some level of detection, but not 100% guaranteed
• Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
• Check subdomains, to see if they were infected as well
• Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerly,

The Internet Janitor

Below are some links to research/further explaination on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

Hello, and welcome to WrenwyckW.com!

First let me state that Nothing that is True is New.

My primary goal in producing this website is to Enlighten, Empower and Encourage. To demonstrate that anyone who is willing has the ability to achieve whatever they put their minds to. Obstacles happen in every phase of life, and as many have said before me, it’s not so much the obstacles, but rather how we respond to them that determines our success.

I strongly believe that none of us deserve any success that we are unwilling to pursue. In saying this I feel that it is imperative to provide the corresponding action to whatever it is that we state that we want, and believe that we shall have. When we have a specific goal combined with clarity of purpose, this purpose will compel us to push through any obstacle to bring our goals to fruition. This capacity is innate in all of us. There is no question of your capacity to succeed, it is only in your willingness to do so

Do you ever wonder why some struggle and experience poor health in a world that was created for us to prosper and be healthy? Why is it that even though we have unlimited power, we accept a mediocre and, many times, unfulfilled life? Why, when our tongues and heart can move mountains, do we use them primarily to feel despair and to speak about our lack of resources? Do you wonder why it is that some seem to be so richly blessed while others seem to struggle – generation after generation? Why it is that some seem to have happiness, great health, and a life of bliss, while others seem to be up and down and, unfortunately, experience one cold or illness after another?

What if you could do, have, and be whatever you choose? What if there were no stipulations or limitations on you to give in abundance to the people you love or to the causes you support? What if it was revealed that concealed inside you lies the combination to unlock a world that you could uniquely create, a world full of an abundance of joy, peace, resources, and love? Wouldn’t that be worth pursuing?

If you have a deep desire to see further, to understand deeper and live without boundaries, then I say congratulations… and welcome to Wrenwyckw.com!

Let’s travel together.