And once again Word Press insecurity as cause of malcode on website......

polonus · 2017-03-28T17:27:24.000Z

See: http://urlquery.net/report.php?id=1490719524868
WordPress Version
4.5.7
Version does not appear to be latest 4.7.3 - update now.

WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

simple-share-buttons-adder 6.1.5 latest release (6.3.4) Update required
https://simplesharebuttons.com
bsk-pdf-manager 1.5.2 latest release (1.7.1) Update required
bbpress 2.5.9 latest release (2.5.12) Update required
https://bbpress.org
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

Two vulnerable jQuery libraries to be retired: http://retire.insecurity.today/#!/scan/59cf89ece9a9c4aea55ce3c15afbf67376660a1cbee8bc2f03e5b09c662d3bfa

1 issue with Stylesheet: https://sritest.io/#report/5e1864bc-762d-4132-b97f-95abdf5fd092

F-Status: https://observatory.mozilla.org/analyze.html?host=www.huddleproductions.com

GoDaddy abuse: https://urlscan.io/result/cdda285d-2507-4f73-a289-517f51f87c74#summary

Malware on same IP: https://www.scumware.org/report/stormwatcher.us.html

Vuln.: Results from scanning URL: -http://www.huddleproductions.com/wp-content/themes/enfold/js/avia.js?ver=1
Number of sources found: 26
Number of sinks found: 16

Re: → https://urlscan.io/result/cdda285d-2507-4f73-a289-517f51f87c74/dom/
errors in script

found JavaScript
error: line:4: SyntaxError: invalid assignment left-hand side:
error: line:4: window._wpemojiSettings = {“baseUrl”:“https://s.w.org/images/core/emoji/72x72/”,“ext”:“.png”,“source”:{“concatemoji”:“http://wXw.huddleproductions.com/wp-includes/js/wp-emoji-release.min.js?ver=4.5.7”}};
error: line:4: …^

polonus (volunteer website security analyst and website error-hunter)

polonus · 2017-03-29T12:45:35.000Z

Another one presented here with 44 instances of malcode: http://urlquery.net/report.php?id=1490787142698
Quttera’s flags this as potentially suspicious script: /wp-content/themes/hq/js/main.js?ver=4.1.16
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.

Details: Too low entropy detected in string [['.moveFromLeft, .moveFromRight, .moveFromTop, .moveFromBottom, .fadeIn, .fadeFromLeft, .fadeFromRight']] of length 131 which may point to obfuscation or shellcode.

(script) platform.twitter.com/widgets.js status: (referer=-http:/www.ask.com/web?q=puppies)saved 115585 bytes d0b4f241d1c4285709d032b3ee3ea65de5883ace info: [decodingLevel=0] found JavaScript suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes file: d0b4f241d1c4285709d032b3ee3ea65de5883ace: 115585 bytes file: 2c07d11cd0c3af6b6b6a6c0966763b1d55bddb58: 115801 bytes file: 0678b7d40071ba155fcc76185527985890fecea2: 115807 bytes file: f10cd9aa9acadb31e5f14e0d8a2e25f818105009: 116016 bytes file: 08f98498bbe46e337ecf40f24e7ff3aa31651da6: 116208 bytes file: 88322cf42e4f3fcd3ace00dfd6770d0a4b213e45: 115922 bytes file: 50f6341066895f249d4ede982dba5114d79a7b57: 116046 bytes

Threat dump MD5: 2200EA0B37F930CC4BB32B8AB23ABCD1
File size[byte]: 197271
File type: ASCII
Page/File MD5: EED27F57F2B663657929E57568E3177F
Scan duration[sec]: 22.701000 → http://www.domxssscanner.com/scan?url=http%3A%2F%2Ftethysresorts.com

WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress under 4.7.3 Word-Press self-hosted → http://toolbar.netcraft.com/site_report?url=+tethysresorts.com

3 jQuery libararies to be retired: http://retire.insecurity.today/#!/scan/c60dca7896fd64e178eee977174e7ae13a2e69456580e39ba3242b84210b8fcd

C-status 5 issues: https://sritest.io/#report/59114b92-9f4f-40a1-964d-4120aad7b953

F-status: https://observatory.mozilla.org/analyze.html?host=tethysresorts.com

polonus (volunteer website security analyst and website error-hunter)

Announcements