Unknown_html_RFI_shell malcode at this site, but what?

Bitdefender’s TrafficLight only one to detect this? See: https://www.virustotal.com/nl/url/ad16f4fcefcca1292d247d52dc0c6902963661f427a7989d6f8196fb395529f4/analysis/1415048933/
Sucuri’s does not flag a thing: http://sitecheck.sucuri.net/results/nugar.com
But Quttera’s detects: "Detected potentially suspicious content." Failure: nonnumeric port:
Re: http://jsunpack.jeek.org/?report=64d3f4099a12b4ffbf09e4f3e111094189da0e23
See: https://urlquery.net/report.php?id=1415049285767
Greensock script not behaving as expected. Vulnerable code for XSS:
Results from scanning URL: htxp://www.dabber.com/u2b/js/myjavascript.js
Number of sources found: 4
Number of sinks found: 13 Source: .innerHTML=restul.getElementsByTagName
Linktracker code

st_go({v:'ext',j:'1:3.2',blog:'38428508',post:'95',tz:'-5'});
	var load_cmc = function(){linktracker_init(38428508,95,2);};
	if ( typeof addLoadEvent != 'undefined' ) addLoadEvent(load_cmc);
	else load_cmc();
	

This in the footer and loading from WP-stats, at least this should be set to “Set link private”,
so that rogue link was being un-privated so to speak. So this was through cracking the admin account through the header.php file.
So the solution is to remove that long code from within the header.php file.

polonus

Hi folks,

There is an error in the code given earlier:

st_go({v:'ext',j:'1:3.2',blog:'38428508',post:'95',tz:'-5'});
	var load_cmc = function(){linktracker_init(38428508,95,2);};
	if ( typeof addLoadEvent != 'undefined' ) addLoadEvent(load_cmc);
	else load_cmc(); 

“st_go is not defined” error in WordPress.com Stats plug-in code, so in -extend/plugins/stats/ being blocked in the browser.
With Ghostery extension the code is blocked and this also offers protection.
Also read: http://blog.sucuri.net/2012/07/distributed-malware-network-outbreak-using-stats-php.html link article author = Daniel Cid.
Flagged by:


<!--stats_footer_test--><script src="http://stats.wordpress.com/e-201037.js" type="text/javascript"></script>
<script type="text/javascript">
st_go({blog:'5341917',v:'ext',post:'0'});
var load_cmc = function(){linktracker_init(5341917,0,2);};
if ( typeof addLoadEvent != 'undefined' ) addLoadEvent(load_cmc);
else load_cmc();
</script>

Now it seems the code is needed to track visitors.

polonus

P.S. Do not freak out on coding errors - like ReferenceError: linktracker_init is not defined, less than 100 is pretty standard with a validator. ;D
