Hello, today my Avast warns me that the following website is infected.
xttp://findealz.com (x = h)
Infection: JS:ScriptIP-inf [Trj]
I’ve used some online scanning tools, and the products there tell me that the site isn’t infected. No files were modified in the last few days (the site worked perfectly yesterday), so I’m not sure what’s going on.
You certainly have to update the website software. WordPress version: WordPress
Wordpress version from source: 3.4.1
Wordpress Version 3.3 or 3.4 based on: http://wXw.findealz.com//wp-includes/js/autosave.js
WordPress theme: http://wXw.findealz.com/wp-content/themes/couponpress/ (holed->: http://kb.parallels.com/en/113321)
Plesk version 10 outdated: Upgrade required.
Why old Plesk versions form a risk, read here: http://blog.sucuri.net/2012/06/plesk-vulnerability-leading-to-malware.html (article author = Daniel Cid)
"RedKit" exploit kit seems to just use: Java/Exploit.CVE-2012-0507
Website contains the malicious code.
2012-08-27 12:16:18 htxp://www.findealz.com/ 6A5215709984DFAEFB313F6A20706894 US Trojan.JS.Iframe.BRR
2012-08-27 12:16:17 htxp://www.findealz.com/wp-login.php?redirect_to=hxtp://www.findealz.com/wp-admin/ F6450952C2D40CF1D15FBCC8A713DF20 US Trojan.JS.Iframe.BRR (avast detects as HTML:RedirME-inf [Trj])
Code hiccup here:
(script) wXw.findealz.com/wp-content/themes/couponpress/PPT/js/slide/slider1.js
status: (referer=wXw.findealz.com/)saved 59779 bytes b73b65121178e7221fbe48c75de4036133e0fd05
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable $.fn
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var $.fn = 1; problem with the “$” alias?
error: line:1: …^
Third party requests: