Latest Malware script attacks Responsive WordPress and Joomla Websites
Alert for Responsive WordPress & Joomla website developers & website admins
In the past 10 days most of the wordpress and Joomla websites are infected by a unknown malware. This is a responsive malware. Visitors will not find it in desktop whoever browsing the websites in mobiles your website will redirect to porn sites. This will surely make your visitors uncomfortable. Some people say it as virus attack in wordpress or Joomla websites
What is the Malware script affecting WordPress and Joomla Websites?
Just view source of your website, you will find the code within tag.
Securi Labs http://labs.sucuri.net/?details=letcaro.com
Other Malware scripts in this domain
letcaro.x24hr.com . 1/61 2015-01-24 21:00:13
http://letcaro.com/ 5/61 2015-01-23 06:37:04
http://letcaro.x24hr.com/ 3/61 2015-01-22 19:52:21
http://isupport.x24hr.com/ 5/61 2015-01-21 20:47:07
http://isupport.x24hr.com/tds/go.php?sid=1 3/61 2015-01-15 02:06:53
http://isupport.x24hr.com/tds/go.php 4/61 2014-12-18 10:02:34
http://letcaro.x24hr.com/js/couter.js?ver=1.2.11 1/61 2014-12-17 08:14:26
http://letcaro.com/js/couter.js?ver=1.038 4/61 2014-12-12 10:00:53
http://letcaro.x24hr.com/js/couter.js? 2/60 2014-11-12 15:35:22
http://letcaro.x24hr.com/js/couter.js?ver=1.2.8 5/58 2014-09-07 09:15:31
http://isupport.x24hr.com/tds/go.php?sid=12&g= 4/52 2014-06-12 06:38:08
http://isupport.x24hr.com/tds/go.php?sid=1%20HTTP/1.1 5/52 2014-06-10 22:28:09 http://isupport.x24hr.com/tds/go.php?sid=1%20HTTP/1.0 4/52 2014-04-25 07:42:26 http://isupport.x24hr.com/mutlp/j1fl47eewmi.php
What the malware will do?
This malware will redirect your visitors to a porn website those who are browsing in Mobiles. So this is undetectable in desktop. It is basically a responsive malware.
How you can remove the malware from wordpress?
I personally advice all the wordpress website admins & developers to check your website for this malware attack.
Open you wordpress wp-includes in ftp
Find the general-template.php
Search for the word: base64_decode
Remove the entire code