This occurred when I opened the blogs page at Zooniverse for the first time.
Avast says it blocked the Trojan. Assuming it protected my computer, is there anything I should do? Will my install of Avast notify someone at Avast of this problem, so they can contact the Zooniverse staff to have the trojan removed? Or should I attempt to contact the Zooniverse staff myself? Can I do so safely? How?
Avast doesn’t contact sites as there are literally thousands of sites infected per day. So if you have any contact at Zooniverse you should give them a heads up.
There have been a number of WordPress vulnerabilities which have resulted in many sites being hacked, so it is important to ensure they have the latest version of WordPress. See image as this also indicates an out of date WordPress and the site being infected…
Code has to do with a WordPress vulnerability, a so-called js unpacker bug hack; it goes through the following steps:
Decoding option browser →
Decoding option navigator.systemLanguage=en and navigator.systemLanguage=zh-cn →
setAttribute src → var newurl] URL= →
Well, that is what the hack is trying to perform, and then, searching for the right bit of code of this malware, we can determine it as described here: http://sucuri.net/malware/malware-entry-mwjs457
So the mentioned site was hacked to perform a downloader worm alias Iframer type of worm infection redirect via “newurl etc.”, mostly found at the end of the code or given obfuscated within the malcoded JavaScript,
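
A triage heuristic for the indicators named in the post above (`navigator.systemLanguage`, `setAttribute` on `src`, `newurl`), as an added example that is not part of the thread and is not the Sucuri signature. The regexes, function names and both sample scripts are constructed assumptions; it undoes only escape sequences and string splitting before matching.

```python
import re

# Indicators named in the post above. The regexes are this example's own
# assumptions, not the Sucuri signature.
INDICATORS = {
    "systemLanguage": re.compile(r"\bsystemLanguage\b"),
    # setAttribute("src", <argument that is not a string literal>)
    "setAttribute_src": re.compile(
        r"setAttribute['\"]?\s*\]?\s*\(\s*['\"]src['\"]\s*,\s*(?![\s'\"])"),
    "newurl": re.compile(r"\bnewurl\b", re.IGNORECASE),
}
ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})")
CONCAT = re.compile(r"['\"]\s*\+\s*['\"]")

# Constructed samples: a legitimate language check, and a script that hides
# the same property names behind escapes and split strings.
SAMPLE_BENIGN = r'''
var lang = navigator.language || navigator.systemLanguage;
logo.setAttribute("src", "/img/logo.png");
'''
SAMPLE_INJECTED = r'''
var l = window["navi"+"gator"]["\x73ystemLanguage"];
var newurl = "http://example.invalid/";
el["setAttribute"]("s"+"rc", newurl);
'''


def normalize(js):
    """Decode \\xNN and \\uNNNN escapes, then join 'a'+'b' string splits."""
    js = ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), js)
    return CONCAT.sub("", js)


def scan(js):
    """Return (sorted indicator names found, flagged).

    A script is flagged only when the language check and a dynamically
    built src occur together; either one alone is common in clean code.
    """
    text = normalize(js)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    flagged = "systemLanguage" in hits and "setAttribute_src" in hits
    return hits, flagged


if __name__ == "__main__":
    for label, js in (("benign", SAMPLE_BENIGN), ("injected", SAMPLE_INJECTED)):
        print(label, scan(js))
```

A flagged file is a candidate for manual review against a clean copy of the same WordPress release, not proof of infection.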