Fake jQuery malware detected on website?

Viruses and worms
1

6 instances detected of known javascript malware. Details: http://sucuri.net/malware/entry/MW:JS:GEN2?web.js.malware.fake_jquery.002
-http://restavrator48.ru Quttera detects 7 malfiles: https://quttera.com/detailed_report/restavrator48.ru *
Detected libraries:
jquery-migrate - 1.2.1 : -http://restavrator48.ru/media/jui/js/jquery-migrate.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery-migrate - 1.2.1 : -http://restavrator48.ru/media/jui/js/jquery-migrate.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.1 : -http://restavrator48.ru/media/jui/js/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
3 vulnerable libraries detected

SRI issue: Scripts 1 issues
Tag Result

Missing SRI hash

Alerted: https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=restavrator48.ru

Website CMS vuln: Web application details:
Application: Joomla! - Open Source Content Management - http://www.joomla.org

Web application version:
Joomla Version 3.3.3 found at: http://restavrator48.ru/administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 3.5.1 Joomla should be cleansed and updated as this is at the culprit of this infection!

  • Is this maliious javascript connected with -www.aristeaservice.it/js/jquery.min.php?utt=SWR2D2&utm=
    I get an undefined time-out
  undefined variable document.referrer
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var document.referrer = 1;
          error: line:1: ....^

polonus (volunteer website security analyst and website error-hunter)

2

Very pleased to tell ye all that avast detects JS;Injection-I[Trj] in website url | {gzip}
Avast users are being protected! Thank you avast!

polonus

3

Another example: https://urlquery.net/queued.php?id=1498159782
and http://www.domxssscanner.com/scan?url=http%3A%2F%2Fcommunityportal.in%2Fdelhi%2Fscreening-andc
-http://communityportal.in
Detected libraries:
jquery - 1.4.4 : -http://communityportal.in/misc/jquery.js?v=1.4.4
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
1 vulnerable library detected

Re: https://www.virustotal.com/en-gb/url/bc05ca9cc999c782bbd96a461956376326063c8de34eacf124688efd57c3bd65/analysis/1469985609/

See: https://quttera.com/detailed_report/communityportal.in 66 malicious javascript detected:

found JavaScript
     error: undefined variable document.referrer
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var document.referrer = 1;
          error: line:1: ....^

document.referrer only returns a value online and only if someone clicked a link to get to the page.
Otherwise it’s an empty string.

Sucuri detects on page: -https://sucuri.net/malware/entry/MW:JS:GEN2?web.js.malware.fake_jquery.002
Avast flags JS:Agent-ZZ[Trj] so do not go to that js description page…

polonus