Mar 12

WikiCU has Cooties

What you should see

And by cooties, we mean it’s been hacked and infected by malware. Bwog is staffed by hopelessly computer-illiterate History majors, so we turned to one of our backend tech gurus to explain why you should stay the fuck away from WikiCU until told otherwise.

It’s all about how dangerous malware could be. While most people will get a giant red screen in Chrome telling them that they’re about to get redirected to a malware site, many won’t see a warning like this. Who knows what this malware does; it could potentially be malware trying to infect other computers on the network. Suddenly people who didn’t visit the site are getting attacked from computers that did. What happens is a network effect where it spreads throughout campus infecting computers that are vulnerable. Unless you have every recent security patch, you’re at risk. It could be massively annoying for everyone involved.

Sound like the beginning of a bad zombie movie to anyone else?

28 Comments

  1. bot  

    love the tags, but *too old, Bwog. s'cool though, we is all humens and shit.

  2. Anonymous

    wikicu has been like that for a while. it also redirects you to weird sites for some reason.

    • Exactly.

      I was just thinking of emailing them about this yesterday, when upon accessing their website I discovered that it was no coincidence that my computer was infected with malware the last time I checked one of their pages...

  3. Lord, no!

    how will incoming freshmen get their knowledge now? A batch of fools, we'll have! Ignorant, pot-bellied fools!

  4. Anonymous

    "Bwog is staffed by hopelessly computer-illiterate History majors"

    i lol'ed so hard i was worried i woke up my grandparents.

    Love,
    Concerned giggler in a Florida retirement community... who has nothing better to do at midnight during spring break than reread bwog articles...because she's staying in a Florida retirement community...

  5. HTML Jockey  

    All that WikiCU needs to do is remove the following line from the source code of its main page (it's the second to last line on the page):



    That's not really so hard to do, is it?

    • charlie

      No, this is false... first of all, the malicious code is present on all WikiCU pages, not just the main page. Secondly, that source code is all generated dynamically by MediaWiki. The offending code is probably obfuscated as an eval(base64("(enormous string of letters and numbers)")) statement that has probably been inserted in all of the PHP files on the WikiCU server. Very likely there is a backdoor planted as well. The WikiCU administrators need to remove any unknown PHP files on their server, remove these malicious (and probably obfuscated) lines from all files on their server, and then take steps to secure their server against further access.

      • CC'11

        I doubt it. Hacks are rarely that sophisticated, they probably just put it in the header template. Or in the database directly. If you Google any of the date table names from the mysql database in MySQL you get pages and pages of unprotected PHPMyAdmins... scary

        • charlie

          I would agree that most attacks perpetrated by a single user on a single target tend not to have those features, but in this case the attack is clearly part of a larger campaign and very likely perpetrated by a script attacking hundreds of websites with little or no human interaction. This is why I suggest that it is probably in all PHP files on the server -- it's much easier to write a script that simply injects itself into all PHP files instead of one that must pick the "correct" file for injection, and might miss and hit the wrong file. The obfuscation is just a guess, but from what I've seen this type of obfuscation is very common in modern campaigns because it is easy to perform and makes the malicious code much easier to hide.
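The sweep charlie describes in this thread (look for unknown PHP files, and for eval-of-base64 lines inside existing ones), as an added example that is not part of the original comments or of WikiCU's code. It assumes the injected lines call PHP's `base64_decode`, possibly wrapped in other functions; the sample tree, file names and the `known_files` baseline are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# eval( [wrapper( ...] base64_decode( "long base64 literal"
# Wrappers such as gzinflate( between eval and base64_decode are tolerated.
INJECT_RE = re.compile(
    rb"eval\s*\(\s*(?:\w+\s*\(\s*)*base64_decode\s*\(\s*"
    rb"['\"]([A-Za-z0-9+/=\s]{40,})['\"]",
    re.IGNORECASE,
)

def scan_tree(root, known_files=None):
    """Return {relative_path: [reasons]} for PHP files that need review.

    known_files: optional set of relative paths taken from a clean copy of
    the same release (hypothetical baseline); other files are 'unknown'.
    """
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        reasons = []
        if known_files is not None and rel not in known_files:
            reasons.append("unknown file")
        data = path.read_bytes()
        for m in INJECT_RE.finditer(data):
            line = data.count(b"\n", 0, m.start()) + 1
            size = len(m.group(1))
            reasons.append(f"eval(base64_decode) at line {line}, {size} encoded bytes")
        if reasons:
            findings[rel] = reasons
    return findings

def build_sample_tree(root):
    """Constructed sample: one clean file, one injected file, one dropped file."""
    blob = "QUJD" * 20  # harmless constructed base64 ("ABC" repeated)
    root = Path(root)
    (root / "includes").mkdir()
    (root / "index.php").write_text("<?php\nrequire 'includes/Setup.php';\n")
    (root / "includes" / "Setup.php").write_text(
        f"<?php eval(base64_decode(\"{blob}\"));\n$site = 'Sample';\n")
    (root / "x7.php").write_text("<?php echo 'hi';\n")
    return {"index.php", "includes/Setup.php"}  # paths present in the clean copy

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        baseline = build_sample_tree(tmp)
        for rel, reasons in scan_tree(tmp, baseline).items():
            print(rel, "->", "; ".join(reasons))
```

A hit list like this only says where to look; files that differ from a clean copy of the release are better restored from that copy than edited by hand.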

  6. HTML Jockey  

    Well, the code got removed automatically from my post; what needs to be removed is the line (second from end) that contains:

    script src [equals sign, quotation mark, http, colon, two diagonals]sweepstakesandcontestsdo.com/mm.php?d=1[quotation mark, etc,etc.]

  7. Anonymous  

    If WikiCU put up an XML dump of the whole site (or a MySQL dump, for that matter), I'd be glad to host a non-malware-y one.

  8. Hey, Bwog  

    want to think about disconnecting or hiding the link to WikiCU until it's fixed?

  9. Anonymous  

    wikicu is outdated shit anyway. I realized several months back they just have the same contributors and there is no open way to add others. Just as an example, their spring-break gym hours are way off.

    • Former editor

      Of course it's outdated. That's the kinda thing that needs an active and steady editor group. Those of us who started back in 2007 were mostly '07-'08 and a bit of a roving band. Initially the idea was to have that kind of up to date reference material. There was even an attempt to catalogue all the vending machines on campus, etc. Eventually we graduated and couldn't keep up with that. So most of our efforts went into recording lore, history, and other stuff that didn't change or that would be quickly forgotten.

      Did you know there was a minor scandal and Spec exposé re the northwest corner building and the athletics department? Check the NoCo article. Do you know about all the religious symbolism in the school seal? Read about it in the University Seal article. Do you know what the Columbia Oval is? Neither did I. Read about it on WikiCU. Or about our school songs. Or our school colors. Or about the funded-but-never-built Pell Hall. Or Moe Berg. Or our glorious history of Dropouts. Or Emily Lloyd. Or the original College Hall. Or ... It's not comprehensive but we wrote about what interested us, so that the things we learned would be recorded and not forgotten.

      Hopefully this malware issue gets fixed. I may not contribute much, but I'd hate to see such an effort of dedicated alumni and students go to waste.

  10. Anonymous

    Just another reason I love Chrome.

© 2006-2015 Blue and White Publishing Inc.