Avast WEBforum

Other => Viruses and worms => Topic started by: callum.heaney on August 16, 2011, 05:20:30 PM

Title: Infection HTML:Script-inf On Wordpress Site
Post by: callum.heaney on August 16, 2011, 05:20:30 PM
I own this WordPress site, hXXp://www.aictechnologies.com.au, and Avast! has suddenly stopped me from getting to it.

I get the MALWARE BLOCKED from webshield with the HTML:Script-inf infection. It also makes reference to hxxp://www.aictechnologies.com.au/|>{gzip}

It only seems to be an issue with Avast.

Can anyone help?

Thanks!

Title: Re: Infection HTML:Script-inf On Wordpress Site
Post by: Pondus on August 16, 2011, 05:29:52 PM
Sorry, but you are infected... see attached screenshot

Sucuri malware info:
http://sucuri.net/malware/malware-entry-mwjsanon7
http://sucuri.net/malware/malware-entry-mwjs67473

WordPress Sites Hacked with Superpuperdomain dot com (Attacking Timthumb.php)
http://blog.sucuri.net/2011/08/wordpress-sites-hacked-with-superpuperdomain-com-attacking-timthumb-php.html
http://blog.sucuri.net/2011/08/wordpress-sites-hacked-with-superpuperdomain2-com.html
http://blog.sucuri.net/2011/08/update-to-the-superpuperdomain2-com-malware.html

Timthumb.php Security Vulnerability – Just the Tip of the Iceberg
http://blog.sucuri.net/2011/08/timthumb-php-security-vulnerability-just-the-tip-of-the-iceberg.html

VirusTotal - URLscan
http://www.virustotal.com/url-scan/report.html?id=5a6a885f64e7c5314b6b183d0fa65a1e-1313501063

VirusTotal - HTMLscan
http://www.virustotal.com/file-scan/report.html?id=3b7b09601842c358baef2905c75371859c35275fe7f2894f3954ddc882dc8960-1313508268

Title: Re: Infection HTML:Script-inf On Wordpress Site
Post by: polonus on August 16, 2011, 06:03:10 PM
Here you can read an update to info on
Quote
the malware infection that has been affecting thousands of WordPress sites with the vulnerable timthumb.php script
from: http://blog.sucuri.net/2011/08/update-to-the-superpuperdomain2-com-malware.html (linksource Sucuri Research blog source author: dd http://blog.sucuri.net/author/dd )

polonus

Title: Re: Infection HTML:Script-inf On Wordpress Site
Post by: polonus on August 16, 2011, 07:01:58 PM
Hi Pondus,

You were first to post that link, well, hope it got noticed. Well, with these backdoors it is good when a victim can restore to a back-up from before the site was compromised. Never know where the next exploit will come through an existing backdoor. So back up to a known secure restore point, then update your web application so the backdoor is gone,

pol