Malware update – Alex Bodrov – awaue.com, etc.

We will be posting quick malware updates on our blog from now on. The latest one, which is affecting quite a few sites, is malicious JavaScript being injected directly into the wp_posts table on WordPress sites. These are the domains being used:

http://aeaaea.com/ou

http://secree.com/re

http://uoauer.com/si

http://oeooea.com/ve

http://secowo.com/wo

These were used in the first batch of attacks, which happened a few weeks (months) ago:

http://ae.awaue.com

http://ie.eracou.com

http://ao.euuaw.com

Details about the malware:
http://sucuri.net/malware/entry/MW:RKS:3

For hosting providers/security companies: Block the IP address 91.188.59.203 (it is hosting all of those sites).

Whois details:

Name: Alex Bodrov
Address: Polubotka 19-10
City: Chernigov
Province/state: Chernigov region
Country: UA
Postal Code: 34586
Phone: +48.7139123463
Fax: +48.7139123463
Email: alexbodrovqw@gmail.com

Name: Alexandr Borisenko
Address: Polubotka 81-38
City: kiev
Province/state: Kiev region
Country: UA
Postal Code: 45675
Email: 3807345466632@gmail.com

We will post more details as we learn them.
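
A defensive check for the injection described above, as an added example (not Sucuri's code): it scans post bodies for URLs whose host is one of the domains listed in this post, matching on the parsed hostname rather than a substring. The function names and sample rows are constructed for illustration; real input would be the ID and post_content columns of the posts table.

```python
import re
from urllib.parse import urlsplit

# Hosts listed in this post (both batches).
BAD_HOSTS = {
    "aeaaea.com", "secree.com", "uoauer.com", "oeooea.com", "secowo.com",
    "ae.awaue.com", "ie.eracou.com", "ao.euuaw.com",
}
# Any http(s) or protocol-relative URL found in a post body.
URL_RE = re.compile(r"""(?:https?:)?//[^\s"'<>)]+""", re.IGNORECASE)


def host_of(url):
    """Return the lowercased hostname of a URL, or '' if it has none."""
    if url.startswith("//"):
        url = "http:" + url
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return ""


def is_listed(host):
    """True for a listed host or any subdomain of one."""
    return any(host == bad or host.endswith("." + bad) for bad in BAD_HOSTS)


def scan_posts(rows):
    """rows: iterable of (post_id, post_content). Returns {post_id: [urls]}."""
    hits = {}
    for post_id, content in rows:
        found = [u for u in URL_RE.findall(content or "") if is_listed(host_of(u))]
        if found:
            hits[post_id] = found
    return hits


# Constructed sample rows, standing in for the ID and post_content columns.
SAMPLE_ROWS = [
    (1, '<p>Hello</p><script src="http://aeaaea.com/ou"></script>'),
    (2, '<p>See <a href="https://example.org/aeaaea.com">this</a></p>'),
    (3, "<script src='//AE.AWAUE.COM/x'></script>trailing text"),
    (4, None),
]

if __name__ == "__main__":
    for post_id, urls in scan_posts(SAMPLE_ROWS).items():
        print(post_id, urls)
```

Row 2 is a clean post that a plain substring search for the domain would flag; comparing parsed hostnames avoids that false positive.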


If your site is hacked and you need help, visit http://sucuri.net to learn about our malware removal and monitoring plans.

About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.