Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: spam-seo.spammy_post.1

Description: Detected spammy posts related to the online movie streaming and downloading scam.

In March of 2017 such posts had been created as a result of exploitation of security holes in WordPress (version 4.7 and 4.7.1) REST API.

The spammy posts have screenshots from movies and buttons that invite to watch them. Here's a typycal sample of the HTML code of the links they use:

<a href="hxxps://moviefake[.]com/en/watchmovies/978857/Fifty-Shades-Darker-2017.html"><img src="hxxps://image.tmdb.org/t/p/w650_and_h365_bestv2/sBGpgqHeuVe8xLzu7ReibjdnBxf.jpg" /></a>
<a rel="dofollow" href="hxxp://boxoffice76[.]com/movie/573067/the-transporter-refueled-2015.html" title="Also you can download Movie The Transporter Refueled (2015)" style="font-size:1px">Watch movie online The Transporter Refueled (2015)</a>



Affecting: WordPress sites that were not quick enough to upgrade to version 4.7.2 in February of 2017.

Cleanup: Delete spammy posts. Upgrade WordPress to the latest version.

For more information read: SEO Spam Campaign Exploiting WordPress REST API Vulnerability


For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb