ISSUE DETECTED DEFINITION INFECTED URL
SEO Spam MW:SPAM:SEO?g12 htxp://sweetmoment.de
SEO Spam MW:SPAM:SEO?g12 htxp://sweetmoment.de/index.php/willkommen
SEO Spam MW:SPAM:SEO?g12 htxp://sweetmoment.de/index.php/component/comprofiler/registers
Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?g12
Why? Web application version:
Joomla Version 2.5.11 found at: htxp://sweetmoment.de/administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5
Outdated Web Server Nginx Found: nginx/1.2.1
Quttera detects 5 malicious files, 1 suspicious file and 2 potentially suspicious files:
https://www.virustotal.com/en/url/9207b7790db2626436f83d42cad91e05baf4f2b7027a5b53f8620f2f03a56de7/analysis/1427406041/ malicious
[function dnnViewState]]
Read: http://vel.joomla.org/articles/844-spotting-spam-code-in-malicious-extensions
Check unklnown links: htxp://casinomitpaypal.npage.de/ → ‘casino mit paypal’
htxp://www.e-max.it → ‘web marketing’
htxp://www.freetemplatespot.com → ‘eco planet’
Missed: http://zulu.zscaler.com/submission/show/9218e78a3b77b1d6c785aa03b3c8c312-1427406303
Read:
http://stackoverflow.com/questions/15237789/how-to-reverse-engineer-a-hidden-js-script
link credits go to Blender.
Additionally I attach a link tracker tracker report.
Do not open links inside a browser. Info for research purposes only.
polonus