Dec 3

I know that many of you are keen to know the current status of our new version of MenuMachine. As noted in my last post about this, we ran into some issues that made things more difficult than anticipated.

MenuMachine’s data model (the information that is stored in memory and on disk) is surprisingly complicated, and due to various issues we were having with reliability and performance, I decided to move the internals of MenuMachine over to Apple’s Core Data framework.

This was not an easy decision, as it meant ripping out the guts of the app and replacing them with new plumbing. The good news is that I've pretty much finished this task, and the app is now much, much more reliable and much faster. This change to the core of the application will also make future changes to the data model (such as adding new menu types) much, much easier. I'm really pleased with the result.

This done, we’re now back on track. Although we won’t be releasing the new version this year, it’s not that far away now.

Dec 3

Unfortunately, it looks like MenuMachine is deployed in enough sites that it has become a target for malware authors.

Yesterday we were made aware of a piece of malware that specifically modifies GoLive-generated JavaScript files, including MenuMachine JavaScript files.

Anirban Banerjee from stopthehacker.com explains:

Hackers are choosing to insert malicious code directly into local copies of menumachine scripts which are linked to compromised sites. This is primarily being done by harvesting client side ftp credentials using a backdoor trojan which then proceeds to hand over the credentials to a bot which in turn pumps in the infected code.

The trojan affects MenuMachine JavaScript files as well as the GoLive CSScriptLib.js file used for GoLive Actions support. The page at stopthehacker.com has an example of the modified code.

I must point out that unless your local machine is compromised, there is no way that this can affect you. This is not a vulnerability in MenuMachine itself. Your site cannot be modified unless the trojan has gained access to your local machine, in which case you have other problems. Your site cannot be affected by other machines on the internet.

I highly recommend that you have a look at the MenuMachine files in your site. If any of them contain this line at the end then your computer and your site are compromised:

function(hVAxp){var v120='va@72@20a@3d@22@53
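One way to run this check across a local copy of a site, as an added example that is not part of the original post or of MenuMachine: it flags .js files whose last line contains the quoted marker. The looser `@`-plus-hex heuristic, its threshold, and the sample file names and contents (other than CSScriptLib.js) are assumptions.

```python
import os
import re
import tempfile

# Start of the appended line as quoted in the post (the post shows only this much).
MARKER = "function(hVAxp){var v120='va@72@20a@3d@22@53"
# Assumption: variants keep the "@" + two hex digits encoding seen in the marker.
AT_HEX = re.compile(r"@[0-9a-fA-F]{2}")
MIN_TOKENS = 5  # assumed threshold; the quoted fragment itself has five

def last_nonblank_line(path):
    """Return the final non-empty line of a file, decoded leniently."""
    with open(path, "rb") as fh:
        text = fh.read().decode("utf-8", errors="replace")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return lines[-1] if lines else ""

def classify(path):
    """Return 'marker', 'suspect' or None for one JavaScript file."""
    tail = last_nonblank_line(path)
    if MARKER in tail:
        return "marker"
    return "suspect" if len(AT_HEX.findall(tail)) >= MIN_TOKENS else None

def scan_site(root):
    """Walk a local site folder and map flagged .js paths to a verdict."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".js"):
                full = os.path.join(dirpath, name)
                verdict = classify(full)
                if verdict:
                    hits[os.path.relpath(full, root)] = verdict
    return hits

def demo():
    """Scan a constructed sample site (file contents are made up)."""
    samples = {
        "menu.js": "function mmInit(){}\n",
        "CSScriptLib.js": "function CSInit(){}\n" + MARKER + "\n",
        "other.js": "var a=1;\nfunction(q){var z='@41@42@43@44@45@46'\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        return scan_site(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_site()` at the local site folder; a "suspect" verdict is only a prompt to open the file and read its last line by hand.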

As far as I am aware, this issue can only affect Windows machines. If you're running Windows, I highly recommend that you install anti-malware software immediately if you do not already have it in place, and make sure that you are completely up to date with Windows updates. This also applies to you if you run Windows in a virtual machine on your Mac.

This is certainly an unexpected development. If we discover any further information, I'll let you know.