SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware.rks_injection.4

malware.rks_injection.4

Description:
Malware injections related to massive hacks of websites hosted on Rackspace and Mediatemple back in 2010-2011

INjected scripts load iframes from multiple sites (eg. hxxp://div.electronicscommission[.]com/in.cgi?2, etc).

Typical injected code

< script type="text/​javascript" src="/wp-content/plugins/lightbox-plus/css/teal/​audio-player.php"></​script>

Affecting: WordPress websites. Mostly on Rackspace and Mediatemple.

Mitigation
How to clean a hacked WordPress site