Multisite network malware – redirection to another site when browsed via mobile

  • Hi,

    Does anyone have any experience with this? All the sites in our network are being redirected to another site when trying to browse them through mobile devices. No direction occurs when using browser on desktop computers.

    Thanks in advance for anyone who can help!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Dan

    (@securitydan)

    Yes, these are known as conditional redirects. The malicious redirect will only happen when certain conditions are met based on different attributes of the connecting machine. Most of these conditions are based on the referrer, user agent, cookie or operating system. In your case, the user agent field is most likely being used to identify mobile devices.

    If you are using Apache, a lot of the attackers will modify the htaccess file to set up these re-directs. Sometimes, the redirect with all the conditional logic will be injected on a homepage of a website. With these injections, the code is usually heavily obfuscated to avoid detection.

    Here’s a good article by Sucuri of a recent campaign using conditionals redirects.

    https://blog.sucuri.net/2015/09/wordpress-malware-active-visitortracker-campaign.html

    Thread Starter randomeisterdan

    (@randomeisterdan)

    Thank you so much for your reply. Do you think this can be manually removed by just identifying the infections and just deleting them or does it require some coding of sort?

    Moderator James Huff

    (@macmanx)

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Multisite network malware – redirection to another site when browsed via mobile’ is closed to new replies.