Exploit finnaly found

htxp://sitecheck.sucuri.net/results/kitchenaria.cxm

i just found out that this website had a Phoenix Exploit kit

Description: We detected an iframe or javascript that loads the Phoenix Exploit kit to compromise anyone visiting the web site. This type of malware is generally heavily encoded and hidden on javascript files or at the top of the HTML/PHP/ASP pages.

At least avast blocked it 8)

This one is at the bottom of the webpage.

Interesting algorithm they use. It might be on that site Polonus gave me… ::slight_smile:

It is a massive campaign. Vulnerabilities include a PHP code execution bug and a persistent cross-site scripting flaw. They affect Wordpress versions 3.3.1 and later. Mentioned Wordpress site is being used to fool spam filters that look for known, malicious Web domain,

polonus