WTOP & FederalNewsRadio Website Hacking Update

If you have a WTOP.com or FederalNewsRadio.com account you might have received the following message. Basically if you visited either of these sites between May 5th and 7th using IE8, you might just be hacked. Of course the ironic part of the message is at the end where they want you visit WTOP.com for more information.

WTOP SPECIAL MESSAGE

Dear WTOP.com user,

You are receiving this notification because you registered to receive Breaking News emails or Daily Headline emails from WTOP.

Please read this entire message. It contains important security information.

We recently learned that WTOP.com was the victim of a cyber attack. Upon discovery, we immediately launched an investigation, removed malicious code, and notified federal law enforcement officials of the incident.

If you accessed the WTOP.com website between approximately May 5 and May 7, 2013 using Internet Explorer 8 (IE8), your computer may have been infected with malware. Users of other browsers, such as Firefox, Safari, Chrome, or other versions of Internet Explorer are not at risk for this malware.

If you accessed WTOP.com using an IE8 browser recently, you should run your security software and perform a malware scan on your computer. For more information, see our Frequently Asked Questions which is included below.

We take your privacy very seriously and are taking steps to prevent similar occurrences. We apologize for any inconvenience this has caused. If you have questions or need additional information, please contact us at [email protected]

Regards,
Joel Oxley
Senior Regional Vice President
WTOP and Federal News Radio

Frequently Asked Questions

1. How do I know if my computer was infected?The malware attack targeted the Internet Explorer browser. If you accessed WTOP.com or FederalNewsRadio.com from Internet Explorer recently, you may have been infected. While other browsers may not have been directly infected, the malware may have still installed a cookie on your browser. We urge everyone to clear their cookies and browser cache no matter what browser they have been using to access FederalNewsRadio.com and WTOP.com, and to do a full virus scan on their machine (see instructions below).

An infected machine may exhibit some or all of the following behavior:

  • Active programs will be shut down.
  • Fake virus scanner, often labeled “Internet Security,” will automatically open and run.
  • Inability to open or access any programs or applications. Attempting to do so may result in a fake virus warning.
  • Periodic pop-ups displaying a fake warning and/or prompting the user to purchase the full product.
  • The malware (often called amsecure.exe) resides in memory and adds itself to the list of startup programs.

An infected machine will likely open numerous windows with error message such as:

  • “Amsecure.exe warning! Application cannot be executed. The file cmd.exe is infected. Please activate your antivirus software.”
  • “Warning! Running Trial version!! The security of your computer has been compromised! Now running trial version of the software! Click here to purchase the full version of the software and get full protection for your PC!”
  • “Attention. Suspicious software activity is detected by Amsecure.exe on your computer. Please start system files scanning for details.”
  • “Amsecure.exe detects application that seems to be a key-logger. System information security is at risk. It is recommended to enable the security mode and run total System scanning.”
  • “Warning! Name: taskmgr.exe. Name: C:\WINDOWS\taskmgr.exe”

You may also see error messages when trying to access the Internet, such as the ones below:

  • Iexplore caused an Invalid Page Fault in module3 (the number at the end can vary)
  • The web page you requested is not available offline
  • Explorer caused an exception C06D007EH in module Sens.dll

2. What do I do if I was infected with malware? If you don’t already have an anti-virus program on your machine, download one. Some free possibilities are AVG or Avast. A removal tool, which may help, can be found here. The best practice for removing malware is to download the anti-virus program to a trusted, non-infected computer instead of the computer which you believe has the virus.

If you have access to a trusted, non-infected computer:

  • Download the anti-virus program and save it to a CD or flash drive.
  • Reboot the infected computer.
  • As soon as you see the screen come on, begin tapping the F8 key.
  • You should soon see a menu of options. Use the arrow keys to move up and down the options list (your mouse won’t work) until the “Safe Mode” option is highlighted.
  • Press “Enter” to choose “Safe Mode”.
  • After the computer is done booting into safe mode, insert the CD or flash drive that contains the anti-virus program you downloaded earlier. Navigate to the drive that contains the program. Run the anti-virus program by double clicking on it.
  • Run a full scan on the computer and have it remove any infected files.
  • Restart the computer into its regular state.

If you do not have access to a trusted, non-infected computer:

  • Reboot the infected computer.
  • As soon as you see the screen come on, begin tapping the F8 key.
  • You should soon see a menu of options. Use the arrow keys to move up and down the options list (your mouse won’t work) until the “Safe Mode with Networking” option is highlighted.
  • Press “Enter” to choose “Safe Mode with Networking”.
  • After the computer is done booting into safe mode, open a browser and download the removal tool from: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~FakeAV-GOJ.aspx
  • Run a full scan on the computer and have it remove any infected files.
  • Restart the computer into its regular state.

For more information visit WTOP.com or tune to 103.5 FM.

#####

Today’s post pic is from HubbardRadio.com. See ya!

1 comment for “WTOP & FederalNewsRadio Website Hacking Update

  1. May 12, 2013 at 5:56 pm

    WTOP & FederalNewsRadio Website Hacking Update https://t.co/vR5o4p4cxa

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.