Super Amazon Banners Plugin Gone Rogue

During a recent investigation we found the plugin Super Amazon Banners to be serving malware/spam via the domain seoranker[.]info. We suspect that the domain expired and was registered by somebody else who is using it to serve the malware now.

The plugin causes this javascript to try and load a popup (popupHtml) with many spam links to external sites. Also appears to be causing loading issues and some pages refuse to load at all:

(function() {'use strict'; if (window['shbNetLoaded']) return;window['shbNetLoaded'] = true;var popupHtml =

The issue was reported to WordPress and the plugin can no longer be downloaded, it was closed. We recommend removing the plugin from your WordPress site if you are using it.

Krasimir Konov

Krasimir Konov is Sucuri's Malware Analyst who joined the company in 2014. Krasimir's main responsibilities include analyzing malicious code, signature creation and documentation of malware. His professional experience covers more than 10 years in the IT field, with nine years involved in IT/cyber security. When he’s not analyzing malware or writing Labs notes, you might find Krasimir riding his motorcycle and traveling the world. Connect with him on Twitter or LinkedIn.

Super Amazon Banners Plugin Gone Rogue

Krasimir Konov

Related Tags

Shoesinfy Spam Injections

Fake botsvsbrowsers domain

e107 Being Exploited – Vulnerable contact.php Scanned and Attacked

Top 10 Security Tips to Keep Your WordPress Site Healthy

Stealing Credit Cards – A WordPress and vBulletin Hack

TimThumb.php attacks – Now using googlesafebrowsing dot com

Krasimir Konov

Related Tags

Related Categories

You May Also Like