Latest Malware script attacks Responsive WordPress and Joomla Websites

 In Framework Updates

Alert for Responsive WordPress & Joomla website developers & website admins

In the past 10 days most of the wordpress and Joomla websites are infected by a unknown malware. This is a responsive malware. Visitors will not find it in desktop whoever browsing the websites in mobiles your website will redirect to porn sites. This will surely make your visitors uncomfortable. Some people say it as virus attack in wordpress or Joomla websites

What is the Malware script affecting WordPress and Joomla Websites?

Just view source of your website, you will find the code within tag.
Securi Labs http://labs.sucuri.net/?details=letcaro.com

Other Malware scripts in this domain

isupport.x24hr.com
isupport.x24hr.com
isupport.x24hr.com
isupport.x24hr.com
isupport.x24hr.com
isupport.x24hr.com
letcaro.com
letcaro.x24hr.com . 1/61 2015-01-24 21:00:13
http://letcaro.com/ 5/61 2015-01-23 06:37:04
http://letcaro.x24hr.com/ 3/61 2015-01-22 19:52:21
http://isupport.x24hr.com/ 5/61 2015-01-21 20:47:07
http://isupport.x24hr.com/tds/go.php?sid=1 3/61 2015-01-15 02:06:53
http://isupport.x24hr.com/tds/go.php 4/61 2014-12-18 10:02:34
http://letcaro.x24hr.com/js/couter.js?ver=1.2.11 1/61 2014-12-17 08:14:26
http://letcaro.com/js/couter.js?ver=1.038 4/61 2014-12-12 10:00:53
http://letcaro.x24hr.com/js/couter.js? 2/60 2014-11-12 15:35:22
http://letcaro.x24hr.com/js/couter.js?ver=1.2.8 5/58 2014-09-07 09:15:31
http://isupport.x24hr.com/tds/go.php?sid=12&g= 4/52 2014-06-12 06:38:08
http://isupport.x24hr.com/tds/go.php?sid=1%20HTTP/1.1 5/52 2014-06-10 22:28:09 http://isupport.x24hr.com/tds/go.php?sid=1%20HTTP/1.0 4/52 2014-04-25 07:42:26 http://isupport.x24hr.com/mutlp/j1fl47eewmi.php

What the malware will do?

This malware will redirect your visitors to a porn website those who are browsing in Mobiles. So this is undetectable in desktop. It is basically a responsive malware.

How you can remove the malware from wordpress?

I personally advice all the wordpress website admins & developers to check your website for this malware attack.
Step 1:
Open you wordpress wp-includes in ftp
Step2:
Find the general-template.php
Step3:
Search for the word: base64_decode
Step 4:
Remove the entire code

Recommended Posts

Leave a Comment

Start typing and press Enter to search