Malicious JavaScript Popup On WordPress Websites
This infection pulled out from the malicious websites list submitted by users to our free Online Website Malware Scanner. If your website visitors complain that they experience the same when they access your website, then probably you were hit by the same malware.
Note: since the scan was completely outside-in (HTTP-based) we're not posting here the PHP portion of the malware.
Malicious Redirect
When this infection loads, your website visitor gets presented with the "Checking your browser" window (see below screenshot). A "Continue" button is there, asking for the user-action in order to complete this stage of the attack. When user clicks this button, it generates random URL that points to another page located on the same server. The URL will have the prefix ?pagerd_
e.g. www.infected-domain.com/?
 |
| Malicious JavaScript Popup |
When investigating further and following such generated link, we got the following PHP errors:
Pointing out the malware in infected footer.php file of the installed WordPress theme.
Summary
Above info shows the path to detect and remove the discussed malware. In order to stay safe and avoid future infection it is essential to keep all passwords safe, WordPress files up to date and of course use only trusted and constantly updated/fixed plugins and themes.
If you suspect your website was compromised or would like us to remove the malware, please select from ThreatSign - website monitoring and malware clean-up plans. To run free remote scan of your websites: http://quttera.com/website-malware-scanner
For other questions, do not hesitate to contact Quttera's help-desk.
For other questions, do not hesitate to contact Quttera's help-desk.
No comments:
Post a Comment