Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats as they evolve. We wrote in the past about fake jQuery scripts and how hackers use Pastebin.com to host malware. This time, we will show you an attack that combines both of these techniques to spread malware using a fake jQuery Pastebin file.
Reversed URL Detected by SiteCheck
When the code is reversed (e.g. war/moc.nibetsap//:ptth is http://pastebin.com/raw written backwards), it injects external scripts that load code directly from Pastebin. Previously, we saw this trick used on infected Magento sites. There are strong signs that these two attacks are related, but this WordPress infection is interesting on its own, so let’s look closer at these Pastebin links.
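A scanner for the reversed-URL trick described above, as an added example that is not part of the original post or of SiteCheck. The function name, the paste-host watchlist and the sample input (including the EXAMPLEID placeholder) are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Quoted JavaScript string literals (single or double quotes, escapes not handled).
STRING_LITERAL = re.compile(r"""(["'])((?:(?!\1)[^\\])*)\1""")
# A URL scheme written backwards: "//:ptth" (http) or "//:sptth" (https).
REVERSED_SCHEME = re.compile(r"//:s?ptth")
# Hosts that serve raw user-supplied text; an assumed, editable watchlist.
PASTE_HOSTS = {"pastebin.com"}

# Constructed sample: one reversed literal and one ordinary forward URL.
SAMPLE_JS = '''\
var cdn = "https://example.com/jquery.min.js";
var a = "DIELPMAXE/war/moc.nibetsap//:ptth";
'''

def find_reversed_urls(source):
    """Return one finding per string literal that hides a URL written backwards."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in STRING_LITERAL.finditer(line):
            literal = match.group(2)
            hit = REVERSED_SCHEME.search(literal)
            if not hit:
                continue
            # Text up to the end of the reversed scheme, read backwards, is the URL.
            url = literal[:hit.end()][::-1]
            host = (urlparse(url).hostname or "").lower()
            findings.append({
                "line": lineno,
                "literal": literal,
                "url": url,
                "paste_host": host in PASTE_HOSTS,
            })
    return findings

if __name__ == "__main__":
    for f in find_reversed_urls(SAMPLE_JS):
        flag = "paste host" if f["paste_host"] else "other host"
        print(f"line {f['line']}: {f['literal']!r} -> {f['url']} ({flag})")
```

Run it over theme, plugin and core JavaScript files; any hit on a paste host warrants comparing the file against a clean copy.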