The Danger of Remote Widgets – Feedcat.net Sold and Now Distributing Malware

Do you like to add all types of “widgets” and cool badges to your site? Be careful which ones you choose, or your site may get compromised. Be especially careful if the widget vendor sells the technology and doesn’t inform its users. Why, you may ask?

Recently, a popular widget site (feedcat) was sold on Flippa. Out of nowhere, sites that had its code embedded started getting redirected to random sites, showing annoying pop-up ads, and distributing malware.

This little piece of code was doing it:

<script src="http://www.feedcat.net/js2/button.js?pub=xx&amp;bmode=b83x16&amp;ilng=en&amp;section="..

So, if you’re one of the 300k sites using feedcat, remove it now. If you are seeing weird pop ups or ads on your site, check to make sure you don’t have it installed.
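
One way to check your own templates or saved pages for the embed shown above, as an added example that is not part of the original post: it parses the HTML and matches on the host of each script tag (feedcat.net and its subdomains) instead of searching for a substring. The function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host taken from the embed snippet shown in this post.
BLOCKED_HOSTS = {"feedcat.net"}


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def script_host(src):
    """Return the lower-cased host of a script URL ('' for relative paths)."""
    return (urlsplit(src).hostname or "").lower()


def is_blocked(host, blocked=BLOCKED_HOSTS):
    """True if host is a blocked domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in blocked)


def find_blocked_scripts(html, blocked=BLOCKED_HOSTS):
    """Return script URLs in html that load from a blocked domain."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    parser.close()
    return [s for s in parser.sources if is_blocked(script_host(s), blocked)]


# Constructed sample page, not a capture from a real site.
SAMPLE_HTML = """
<script src="/js/site.js"></script>
<script src="http://www.feedcat.net/js2/button.js?pub=xx&amp;bmode=b83x16&amp;ilng=en"></script>
<SCRIPT SRC="//FeedCat.net/js2/button.js?pub=yy"></SCRIPT>
<script src="http://cdn.example.com/feedcat.net/button.js"></script>
"""

if __name__ == "__main__":
    for url in find_blocked_scripts(SAMPLE_HTML):
        print("remove:", url)
```

The last sample tag only mentions feedcat.net in its path, so a plain text search would flag it while the host comparison does not.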

If your site is currently redirecting to an Amazon site and getting stuck there, you probably have the feedcat code on your site:

http://continue_.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAIKDZBVZT6ABSN6MA&Expires=1311373754&Signature=60QGS34LES2ymcgNXV2WT1Iq2Zg%3D

You can use our free scanner to see if your site has it: sitecheck.sucuri.net

Let us know if you have any questions.

*update:

Other people are complaining about it too.

About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.