Malware update – Alex Bodrov –,etc

We will be posting some quick malware updates on our blog from now on. The latest one that is affecting quite a few sites are malicious javascripts being injected directly into the wp-posts table on WordPress sites. Those are the domains being used:

Those were used in the first batch of attacks that happened a few weeks (months) ago:

Details about the malware:

For hosting providers/security companies: Block the IP address – (it is hosting all those sites).

Whois details:

Name: Alex Bodrov
Address: Polubotka 19-10
City: Chernigov
Province/state: Chernigov region
Country: UA
Postal Code: 34586
Phone: +48.7139123463
Fax: +48.7139123463

Name: Alexandr Borisenko
Address: Polubotka 81-38
City: kiev
Province/state: Kiev region
Country: UA
Postal Code: 45675

We will post more details as we learn them.

If your site is hacked and you need help, visit to learn about our malware removal and monitoring plans.

About David Dede

David Dede is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Share This