Imagine my surprise when I visited Kaaawa.net late last month and got this instead of the normal entry page:

This is obviously not a good thing.

It appears that software evil doers were successful in getting access to the guts of my Kaaawa blog and inserting malware, which Google’s warning describes as “malicious software that may harm your computer or otherwise operate without your consent.”

I don’t know how this is done. It’s all a mystery to me. Google tries to provide enough information to clean up a web site, but it is hard to follow if you’re not heavily into this coding stuff.

I’ve taken several stabs, which apparently succeeded only in removing the most obvious instances, leaving dozens–maybe hundreds–of others yet to be dealt with.

According to Google:

Malicious software is hosted on 1 domain(s), including nt20.in/.

This site was hosted on 1 network(s) including AS4323 (TWTC).

Apparently what’s been slipped into Kaaawa.net are hidden scripts that link over to that malicious site.

There must be some easier way to do this, but…I’m in the process of downloading a copy of the entire kaaawa.net site. Then I’ll search for that domain, nt20.in, where the malicious software is located, and hopefully find each place where the damaging script appears. A small software program called skEdit promises to automate the search and deletion of these hidden scripts.

I expect to finish the site download tonight, try to search out the naughty bits in the morning, and then upload the scrubbed files back to recreate the site. I have no idea how long that will take, or if it will actually do the trick.

We’ll see.

In the meantime, if anyone knows of heavy artillery that can be used in such situations, I would appreciate all suggestions.

ps: My hosting service, Hostrocket.com, is now scanning the site.

Once we locate the malicious content, our server will automatically remove it. It would be safe to resubmit your site to google once you receive this email.

Yippee!