Hi forum friends,
TrendMicro gives it as a malware site. The site has PHP/IRCBOT.49, SPR/PHP.ID, Perl:Shellbot-Q Trj, PERL/IrcBot.AX, PERL/IrcBot.AJ, SPR/PHP.ID on it and also this unknown_html_RFI_shell malware, with path: -http://successomentale.com/wp-content/themes/brandnew/languages/.logz?
Analyzed with jsunpack, and there I stumbled upon this code:
^!/bin/perl^^ Auto install script by picko^^ edit sesuai kebutuhan^ ^
This is a hack attempt - to hack a server and run an IRC script. It is from Oct. 2010, still being used!
I get this error when scanning with DrWeb:
Checking: -http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js
File size: 89.20 KB
File MD5: 459076b536e7df0411c5a265fcce3600
-http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js - archive JS-HTML
-http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js/JSTag_1[11530][4f9d] - Ok
-http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js/ - read error!
°http://successomentale.com/wp-content/plugins/wp-minify/min/?f=wp-content/themes/versatile/DD_belatedPNG.js,wp-includes/js/l10n.js,wp-content/plugins/sidebar-login/js/blockui.js,wp-content/plugins/sidebar-login/js/sidebar-login.js,wp-content/plugins/popup-domination/lightbox.js,wp-content/plugins/simple-forum/resources/jscript/forum/sf-forum.js,wp-content/plugins/user-access-manager/js/jquery.tools.min.js,wp-content/plugins/user-access-manager/js/functions.js,wp-content/themes/versatile/lib/scripts/jquery-1.4.2.min.js,wp-content/themes/versatile/lib/scripts/jquery.easing.1.3.js,wp-content/themes/versatile/lib/scripts/jquery.tools.min.js,wp-content/themes/versatile/lib/scripts/jquery.preloadify.min.js,wp-content/themes/versatile/lib/scripts/sys_slider.js,wp-content/themes/versatile/lib/scripts/empty.js,wp-content/themes/versatile/lib/scripts/src/galleria.js,wp-content/themes/versatile/lib/scripts/src/themes/classic/galleria.classic.js,wp-content/themes/versatile/lib/scripts/jquery.form.js,wp-content/themes/versatile/lib/scripts/jquery.validate.js,wp-content/themes/versatile/lib/scripts/jquery.prettyPhoto.js,wp-content/themes/versatile/lib/scripts/mColorPicker.js,wp-content/themes/versatile/lib/scripts/sys_custom.js,wp-content/themes/versatile/lib/scripts/jquery.gmap.js,wp-content/themes/versatile/js/cufon-yui.js,wp-content/themes/versatile/js/cufon/Segan.js&m=1319299479/JSTag_1[1660c][2f819] - Ok
-http://successomentale.com/wp-content/plugins/wp-minify/min/?f=wp-content/themes/versatile/DD_belatedPNG.js,wp-includes/js/l10n.js,wp-content/plugins/sidebar-login/js/blockui.js,wp-content/plugins/sidebar-login/js/sidebar-login.js,wp-content/plugins/popup-domination/lightbox.js,wp-content/plugins/simple-forum/resources/jscript/forum/sf-forum.js,wp-content/plugins/user-access-manager/js/jquery.tools.min.js,wp-content/plugins/user-access-manager/js/functions.js,wp-content/themes/versatile/lib/scripts/jquery-1.4.2.min.js,wp-content/themes/versatile/lib/scripts/jquery.easing.1.3.js,wp-content/themes/versatile/lib/scripts/jquery.tools.min.js,wp-content/themes/versatile/lib/scripts/jquery.preloadify.min.js,wp-content/themes/versatile/lib/scripts/sys_slider.js,wp-content/themes/versatile/lib/scripts/empty.js,wp-content/themes/versatile/lib/scripts/src/galleria.js,wp-content/themes/versatile/lib/scripts/src/themes/classic/galleria.classic.js,wp-content/themes/versatile/lib/scripts/jquery.form.js,wp-content/themes/versatile/lib/scripts/jquery.validate.js,wp-content/themes/versatile/lib/scripts/jquery.prettyPhoto.js,wp-content/themes/versatile/lib/scripts/mColorPicker.js,wp-content/themes/versatile/lib/scripts/sys_custom.js,wp-content/themes/versatile/lib/scripts/jquery.gmap.js,wp-content/themes/versatile/js/cufon-yui.js,wp-content/themes/versatile/js/cufon/Segan.js&m=1319299479/ - read error!
Checking: -http://www.statcounter.com/counter/counter_xhtml.js
File size: 8349 bytes
File MD5: e232a63b519b7a958bc40c48b8a11733
-http://www.statcounter.com/counter/counter_xhtml.js - Ok
Checking: -http://maps.google.com/maps?file=api&v=2&key=ABQIAAAAPPDjE4C-8udEw0NWfa6_iBSC_EwsMiU8lZ2NIdQr89GZ5HXRcxT1Trn-EnrLXbT4DK-gOk048BkY_w
File size: 11.07 KB
File MD5: b3c786ad326a4cb55eae55d2d176e3ad
Checking: -http://www.youtube-nocookie.com/v/s95Tqkp3Wd4?version=3&hl=it_IT?t=16s?wmode=transparent
File size: 3289 bytes
File MD5: 9e5ec7b4929cdace82065c4ef823e182
=http://www.youtube-nocookie.com/v/s95Tqkp3Wd4?version=3&hl=it_IT?t=16s?wmode=transparent - archive ZLIB
=http://www.youtube-nocookie.com/v/s95Tqkp3Wd4?version=3&hl=it_IT?t=16s?wmode=transparent/data001 - Ok
=http://www.youtube-nocookie.com/v/s95Tqkp3Wd4?version=3&hl=it_IT?t=16s?wmode=transparent/ - read error!
Checking: -http://hosted.comm100.com/NewsLetter/Js/Func/DelMailingList.js
File size: 746 bytes
File MD5: aa6d6dee4f30fd33e7de85ce4af65d9c
-http://hosted.comm100.com/NewsLetter/Js/Func/DelMailingList.js - Ok
Checking: -http://connect.facebook.net/en_US/all.js#xfbml=1
File size: 145.86 KB
File MD5: cd2b6733c5bfda344d20ee2023be2d2b
-http://connect.facebook.net/en_US/all.js#xfbml=1 - archive JS-HTML
-http://connect.facebook.net/en_US/all.js#xfbml=1/IFrame_1[23] - Ok
-http://connect.facebook.net/en_US/all.js#xfbml=1/ - read error!
Checking: -http://nwidget.networkedblogs.com/getnetworkwidget?bid=973583
File size: 5883 bytes
File MD5: d651202e001e65603e409a191fb4d2b5
-http://nwidget.networkedblogs.com/getnetworkwidget?bid=973583 - archive JS-HTML
-http://nwidget.networkedblogs.com/getnetworkwidget?bid=973583/JSFile_1[0][16fb] - Ok
-http://nwidget.networkedblogs.com/getnetworkwidget?bid=973583/ - read error!
Checking: -http://successomentale.com
Engine version: 7.0.0.11250
Total virus-finding records: 2440827
File size: 42.94 KB
File MD5: efe152d09001f4f03eaaaa44dfc4f3c5
-http://successomentale.com - archive JS-HTML
-http://successomentale.com/JSTAG_1[aae][a3] - Ok
-http://successomentale.com/ - read error!
polonus