Dealing with WordPress Malware

A few months back I contributed to a post with Smashing Magazine on the top 4 WordPress Infections. It was released yesterday, and it couldn’t have come at a better time. If anyone attended WordCamp Las Vegas, you might even find some similarities. Fortunately, in the process of preparing for the event and working with the team, we were able to compile a bit more information expanding on the things we originally discussed in the last post. It’s perfect timing for a number of reasons, and will complement this post very nicely.

WordPress Malware
The idea of this post, like many in the past, is to outline and discuss this past weekend’s presentation. In the process, hopefully you take something away. Unfortunately, the presentation was capped off with a live attack and hack, and I won’t be able to include that in this post, but I promise it’s coming.

Note: If you plan to be at WordCamp Philadelphia 2012, you might be in for some treats, just saying. And if you don’t have it on the calendar, you should.


Fake jQuery Website Serving Redirection Malware

This just in, hot off the press: be careful with the jQuery libraries you’re using on your websites.

We received word from @chris_olbekson via Twitter about some hacks being reported on the WordPress forums:


Conditional Redirect Malware Decoded – Eval base64_decode Example

I have this beautiful website and now there’s all this garbled code across all of my PHP files. What’s it do, and how did it get there?

This is a quick post to show you some encoded crud that can attack your site, and do some pretty bad stuff.

Encoded Payload – Eval( base64_decode)

Generally speaking, we see this type of payload dropped into PHP, HTML, and JavaScript files. They are typically dropped into an environment through a known vulnerability in outdated software. This isn’t the only entry point, but definitely the one we see the most.
