Dec 09

How-to Fix Malicious Javascript Code (suspected as variant of Gumblar virus)

Tutorial 18 Comments »

As yesterday, I found unknown code at the bottom of each wordpress file (javascript and homepage index files). Furthermore, the Javascript code will load malicious file from other remote servers, which are randomized. It works similar to Gumblar virus, though it has slightly different codes and action.

So far, I’ve found this javascript malicious code with different var value. Nhbk5v835×5dq6, H3qqea3ur6p, and Jqjzlgspz98uxl.

This code will load another malicious script from http://xtube-com.blogger.com.pornorama-com.bluejackmusic.ru:8080/hdfcbank.com/hdfcbank.com/google.com/fanpop.com/in.com/

This code will load another malicious script from http://live.com.google.com.baidu-msn.com.bestartsale.ru:8080/wordpress.com/google-mail.it/livejasmin-photobucket.com/cnet-cnn.com/about-ebay.com/

This code will load another malicious script from http://google-cn.msn.ca.shoplocal-com.easymusicstore.ru:8080/interia.pl/interia.pl/google.com/empflix.com/debonairblog.com/

Continue reading…

written by Ryan Isra \\ tags: javascript, malicious, security, virus, website, wordpress, www.ryan-isra.net

Dec 08

Malicious Javascript Code infected my blogs

Blogging, Internet, Script 8 Comments »

It happened since yesterday. When I was checking my blogs, I got this error message in every page.

Parse error: syntax error, unexpected ‘<’ in /home/$myhomedir$/public_html/wp-includes/default-widgets.php on line 1034

I immediately open default-widgets.php in wp-includes directory by using notepad, followed by pressing CTRL + G to go to line#1034. I’m very susprised when I found these codes were exist in default-widgets.php.


Continue reading…

written by Ryan Isra \\ tags: javascript, malicious, security, virus, website, wordpress, www.ryan-isra.net

Page 1 of 11