
Malware entry: spam-seo.dating_spam.1

Description: Detected spammy posts containing many links with dating-related keywords.

In March of 2017, such posts were created through exploitation of security holes in the REST API of WordPress versions 4.7 and 4.7.1.

Each spammy post contains a long list of about 200 links.

<a href="hxxp://rosadodesertobrasil[.]com.br/data">uomo cerco uomo bologna</a><br />
<a href="hxxp://grozbox[.]ru/journal">grozbox.ru</a><br />
<a href="hxxp://help-plus[.]de/img">n<<tdejting svarar inte router</a><br />
<a href="hxxp://kurgan.inueco[.]ru/wordpress">site de rencontre vive les rondes</a><br />
<a href="hxxp://driquet[.]com/site">hur ska man dejta en tjej</a><br />
<a href="hxxp://mistergenius[.]be/journal">nom des sites de rencontres</a><br />



Affecting: WordPress sites that were not quick enough to upgrade to version 4.7.2 in February of 2017.

Cleanup: Delete spammy posts. Upgrade WordPress to the latest version.
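
One way to find candidate posts for the cleanup step, based on the roughly 200 links per post described above. This is an added example, not Sucuri's signature or scanner code; the function names, thresholds and sample post bodies are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkStats(HTMLParser):
    """Collects anchor hrefs and how much visible text sits inside <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.depth = [], 0
        self.link_chars = self.total_chars = 0

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.depth += 1
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

    def handle_endtag(self, tag):
        if tag == "a" and self.depth:
            self.depth -= 1

    def handle_data(self, data):
        n = len(data.strip())
        self.total_chars += n
        if self.depth:
            self.link_chars += n

def score_post(html, site_host, min_links=50, min_ratio=0.8):
    """Flag a post body that is mostly a list of off-site links.
    min_links and min_ratio are assumed thresholds, not values from the signature."""
    p = LinkStats()
    p.feed(html)
    p.close()
    hosts = {urlparse(h).hostname for h in p.hrefs}
    external = {h for h in hosts if h and h != site_host}
    ratio = p.link_chars / p.total_chars if p.total_chars else 0.0
    return {"links": len(p.hrefs), "external_hosts": len(external),
            "link_text_ratio": round(ratio, 2),
            "suspicious": len(p.hrefs) >= min_links and ratio >= min_ratio
                          and bool(external)}

# Constructed sample bodies (not real spam): 200 link lines vs. an ordinary post.
SPAM = "".join(f'<a href="http://host{i}.example/data">dating phrase {i}</a><br />\n'
               for i in range(200))
NORMAL = ('<p>We moved offices. See <a href="https://blog.example/map">the map</a> '
          'and <a href="https://partner.example/">our partner</a>.</p>')

if __name__ == "__main__":
    for name, body in (("spam", SPAM), ("normal", NORMAL)):
        print(name, score_post(body, "blog.example"))
```

Feed it each post body exported from the site and review flagged posts by hand before deleting, since legitimate link roundups can also score high.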

For more information read: SEO Spam Campaign Exploiting WordPress REST API Vulnerability


For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb