JS:Blacole and commitse.ru on Chrome

[LAH]

My mac started freezing up while doing web development/WordPress work with Chrome. I installed Avast and ran a scan. That scan froze up. Finally Avast came up with JS:Blacole in a popup message. I stopped using Chrome and things ran much smoother with Safari. But I LIKE Chrome so I uninstalled and reinstalled and of course everything started happening again. While working on a client's site I suddenly got a red warning page "(domain) contains content from commitse.ru, a site known to distribute malware..." see attached.

I read on here to clear all browser history, cookies, etc. from Chrome and I've done this. I ran a full system scan successfully and it only came up with warnings about some images (things from my clients).

Is there anything else I should do? I don't know if I should go into my client's sites with Chrome again.

Any help is greatly appreciated!

[!Donovan]

Hi,

The site (your client's) was likely hacked, due to Wordpress being outdated.

~!Donovan

[LAH]

Donovan

Thanks for the reply, but the WordPress is right up to date and my Chrome problems started happening several days before I started on her site. I did run her site through Google's malware check and it came up clean. I don't get any warnings or freeze ups in Safari.

[!Donovan]

Hi,

I see Wordpress version 3.3.1; The latest is version 3.4.1.

~!Donovan

[LAH]

No, it's running 3.4.1. Probably the update was run after the screenshot. But regardless, WordPress versions cannot screw with my computer/Chrome several days before I actually go into that website. The upgrades are good, but they're not magic.

This problem started before I began work on that site.

Thanks though.

[!Donovan]

My mac started freezing up while doing web development/WordPress work with Chrome. I installed Avast and ran a scan. That scan froze up. Finally Avast came up with JS:Blacole in a popup message. I stopped using Chrome and things ran much smoother with Safari. But I LIKE Chrome so I uninstalled and reinstalled and of course everything started happening again. While working on a client's site I suddenly got a red warning page "(domain) contains content from commitse.ru, a site known to distribute malware..."

The Blackhole Exploit uses a Buffer Overflow utilizing eval and j%3.

This problem started before I began work on that site.

Which leads me to suspect while Wordpress was outdated, it was hacked. I assume an admin php file(s) (index.php, etc..) could contain suspect content. Check the php files for suspicious long lines of code.

Some general instructions are here:
http://www.ericitzkowitz.com/hacked-blackhole-exploit-kit-removal

You may want to read this:
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

~!Donovan

[polonus]

One could always do a security scan using this plug-in: http://wordpress.org/extend/plugins/exploit-scanner/

polonus

[LAH]

I wasn't clear, sorry. What I meant is I've had problems every time I use Chrome on any website (before the one I mentioned) and Avast found the JS:Blacole first when I was using Chrome, but not on a client's site. So I cleared  out the history, etc. from Chrome, but I'm hesitant to use it again. Though I did run a full scan. My mac had started to freeze up for the first time ever. When I stopped using Chrome it does not freeze up.

I will use that plugin to check the client's site though, thank you.