2017 was indeed a Bullish Year in Hindsight

I made a post on a new blogging platform steemit. You can read the post here 2017 was indeed a bullish year in hindsight.

Steemit is a blogging and social networking website on top of the Steem blockchain database. The Steem blockchain produces Steem and Steem Dollars which are tradeable tokens users obtain for posting, discovering, and commenting on interesting content.

What To Do If Your WordPress Site Is Infected By pub2srv.com Adware

This site was infected by adware between end of August 2017 and 26 October 2017.

What happened

I realized something was wrong when I visited my own site this morning and discovered that there were popup and redirection when I clicked on anywhere on the page.

The Evil Adware

The Evil Adware

Also, when I checked the analytics of the site, there were practically no visitors since the beginning of September 2017.

Zero Visitor Since September 2017

Practically Zero Visitor Since September 2017


I run a test using pingdom tool (you can see the scan result by clicking the link) and confirmed that my WordPress site was being infected by adware.

Here are the findings:







Some unknown scripts were being injected into the site.

  • http://deloton.com/apu.php?zoneid=1063894
  • go.pub2srv.com
  • http://go.pushnative.com/notice.php?p=628268&interactive=1&pushup=1
  • go.mobisla.com

Root cause analysis

When I tried to scan my WordPress installation folders on the server for files that contain “pub2srv.com” keyword I found nothing.

The hacker is good at playing hide-and-seek.

With help from Google, it turned out that the malicious code was hidden in multiple files located in the <WordPress installation path>/wp-includes/ folder.

Here is the list of the infected files:

  • wp-feed.php: contains a list of IP addresses
  • wp-vcd.php: contains a compressed malicious installation program
  • class.wp.php: contains SQL injections and cross-site scripting
  • post.php: contains the reference to wp-vcd.php

Here is the sample content of class.wp.php:

The above code is adding/injecting user to the database.

It is also loading content from http://www.aotson.com/codexc.txt which contains the following instructions:

The hacker is able to target specific infected site by changing the path remotely via http://www.aotson.com/codexc.txt Pretty clever and super evil.

It is capable of spreading itself to all the WordPress sites across different domain names that are hosted under my user account.

More detail can be found here: wp-vcd.php malware analysis.

Lesson learnt

It is clear that the root cause was due to me installing untrusted WordPress themes on my site.

The infection occurred at an earlier date than mid-August based on the evidence from the backup that I have.

However, the symptom of unusual slowness and trouble only appeared towards the end of August.


Here is an article on how to remove pub2srv malware to learn more about the adware/malware.

Here is the detail of other people who were also facing the same issue.

I installed the Anti-Malware Security and Brute-Force Firewall plugin and run a scan. 254 files, which were affected, were removed after the scan.

I updated the my WordPress theme to the latest version.

I reinstalled the WordPress version 4.8.2.

I also updated the login password.

I also updated the server user login password just in case.

Final thought

Maintaining a website is similar to maintaining my health. I need to monitor it regularly to avoid temporary death from happening again.

The site is as good as dead for the past two months.

I realized that cyber risk is a real threat that could impact a lot of people. Infected site is capable of spreading virus to innocent visitors and might cause serious damage to them.

It is important to keep the information systems secured so that I will never encounter similar incident again. Here is a self-study guide CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide that contains information on how to maintain security in a world that is surround with cyber risks. Grab a copy if you are interested.

2017 The Market Capitalization of World’s Stock Markets

The data in this post is extracted from Pocket World in Figures 2018. It contains economic data that provides insights towards understanding the world better. Grab a copy if you are interested.

Here is a list of world largest stock markets ranked according to market capitalization.

MarketEnd 2015 ($bn)End 2016 ($bn)Diff (%)
Nasdaq - US728177796.84%
Japan Exchange Group489550623.41%
Shanghai SE45494104-9.78%
London SE Group38793496-9.87%
Shenzhen SE36393217-11.60%
Hong Kong Exchanges318531930.25%
Deutsche Börse171617320.93%
TMX Group1592204228.27%
SIX Swiss Exchange15191415-6.85%
BSE India151615612.97%
National Stock Exchange of India148515343.30%
NASDAQ OMX Nordic Exchange12681260-0.63%
Korea Exchange123112824.14%
Australian Securities Exchange1187131710.95%
BME Spanish Exchanges787711-9.66%
Taiwan SE Corp.74586215.70%
Johannesburg SE73695930.30%
Singapore Exchange6406491.41%
BM&F BOVESPA49177457.64%
Saudi SE - Tadawul4214496.65%
Mexican Exchange402334-16.92%
Moscow Exchange39362258.27%
Bursa Malaysia383363-5.22%
Indonesia SE35343422.95%
Stock Exchange of Thailand34943725.21%
Tel-Aviv SE244215-11.89%
Philippine SE2392400.42%
Oslo Bors19423420.62%
Santiago SE19021211.58%
Borsa Istanbul189158-16.40%
Qatar SE1431558.39%
Warsaw SE1381412.17%
Irish SE128121-5.47%
Abu Dhabi Securities Exchange1121218.04%
Wiener Börse961015.21%
Tehran SE8910113.48%
Colombia SE8610319.77%
Dubai Financial Market84-NA

Interesting observations

The total market cap for Taiwan Stock Exchange is USD 862 Billion (end of 2016) which is roughly equal to the market cap of Apple (APPL, USD 847 Billion as of 1st of September 2017).

The total market cap for Singapore Exchange is USD 649 Billion (end of 2016) which is roughly equal to the market cap of Alphabet (GOOGL, USD 659 Billion as of 1st of September 2017).

The total market cap for Bursa Malaysia is USD 363 Billion (end of 2016) which is roughly equal to the market cap of Johnson & Johnson (JNJ, USD 351 Billion as of 1st of September 2017).

Final thoughts

Imagine a whole country’s stock market value is represented by a single company. This is incredible but true.

Investing in a single country is similar to investing in a single company. For example, buying stocks in Bursa is like buying Johnson & Johnson (JNJ) stock.

The Bursa Malaysia ONLY represents about 0.51 % (363/70556=0.00514) of the total market capitalization of world top 40 largest stock markets. It is a small fish in a big ocean.