Did worm infect Alaska candidates' site?

A husband-wife team running in the state's governor's race blames a hacker for infecting their election Web site with a virus.

Anne Broache, Staff Writer, CNET News.com

If you're a write-in candidate without major political party recognition, there's nothing quite like mysterious malicious software radiating from your Web site to earn you a little extra publicity.

That's what happened this week to Ted and Fran Gianoutsos, a husband-wife team running for governor and lieutenant governor, respectively, in Alaska's race.

Late last week, the candidates' Webmaster logged in to do some updates on the site, only to find that his "firewall went crazy." The problem? A 2-year-old Visual Basic script worm--known variously as Gaggle.D, I-Worm.Gedza and Gedza.A--apparently had wriggled its way into each page of the Gianoutsos' minimalist campaign site at http://www.tedandfran.com/who.htm.

"It's fairly innocuous other than the fact it...tries to change your home page to an Avril Lavigne picture that is sitting out there on a server somewhere," Webmaster David Molletti said in a telephone interview Thursday. "So it's a nuisance thing, but it was plugged in there."

Molletti said he proceeded to clean up each page and directory on the server and to change passwords last weekend. But by Monday, the worm had returned with a vengeance--and attracted the attention of at least one Web security forum, whose members promptly posted screenshots of dialog boxes from security programs that detected the low-level threat.

"My uncle got a political flyer the other day, and when he visited their website, AVG caught some form of malware," the thread, dated Oct. 21, began.

Ted Gianoutsos even started getting calls from Alaska Division of Elections representatives, who said they had received complaints from people claiming the candidates were trying to spread a virus.

That's just nonsense, Molletti said. The Gianoutsos' low-budget site runs on a "virtual private server" with no detailed logs of who accesses it, but the managers of that space told Molletti that the only way to embed the worm is by gaining access to the Gianoutsos' account and underlying files.

Ted Gianoutsos readily admits to having no Internet access at home, and he said in a telephone interview that he wasn't even aware of the troubles until he started getting calls from site visitors.

Gianoutsos said the unidentified "hacker" responsible for the worm was likely targeting him and his wife of 44 years for their against-the-grain political views. They're running on a platform that supports opening the Arctic National Wildlife Refuge for oil and gas drilling, and lowering health care costs for Alaskans, particularly military veterans.

"All of a sudden, this has created a huge amount of controversy in different places," Gianoutsos said.

Gianoutsos' theory could be right on, conceded Molletti, who has been doing Web site management for about eight years and currently oversees 40 sites. "This is the first time I've been breached like that, and it was just curious it would happen on the one site that has information that would make other people angry--people in power, I should say," he said.

As of Wednesday evening, the site had been scrubbed of the worm again, every administrator-level password had been set and reset, and Molletti said he believed he had "at least put a monkey wrench in the works."

Ted Gianoutsos, who received calls this week about the glitches from as far away as Seattle, Arizona, Cleveland and Chicago, said he couldn't help enjoying the extra attention a little bit. "If it were only true that it was an actual virus," he said. "Can you imagine the publicity?"