Author Topic: JS:Blacole and commitse.ru on Chrome  (Read 6275 times)

LAH

  • Guest
JS:Blacole and commitse.ru on Chrome
« on: September 02, 2012, 02:44:17 PM »
My Mac started freezing up while doing web development/WordPress work with Chrome. I installed Avast and ran a scan. That scan froze up. Finally Avast came up with JS:Blacole in a popup message. I stopped using Chrome and things ran much smoother with Safari. But I LIKE Chrome so I uninstalled and reinstalled and of course everything started happening again. While working on a client's site I suddenly got a red warning page "(domain) contains content from commitse.ru, a site known to distribute malware..." see attached.

I read on here to clear all browser history, cookies, etc. from Chrome and I've done this. I ran a full system scan successfully and it only came up with warnings about some images (things from my clients).

Is there anything else I should do? I don't know if I should go into my client's sites with Chrome again.

Any help is greatly appreciated!
« Last Edit: September 02, 2012, 11:12:04 PM by LAH »

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: JS:Blacole and commitse.ru on Chrome
« Reply #1 on: September 02, 2012, 10:32:11 PM »
Hi,

The site (your client's) was likely hacked, due to WordPress being outdated.

~!Donovan
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

LAH

  • Guest
Re: JS:Blacole and commitse.ru on Chrome
« Reply #2 on: September 02, 2012, 10:36:50 PM »
Donovan

Thanks for the reply, but the WordPress is right up to date and my Chrome problems started happening several days before I started on her site. I did run her site through Google's malware check and it came up clean. I don't get any warnings or freeze ups in Safari.

Offline !Donovan

Re: JS:Blacole and commitse.ru on Chrome
« Reply #3 on: September 02, 2012, 10:48:52 PM »
Hi,

I see WordPress version 3.3.1; the latest is version 3.4.1.

~!Donovan
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

LAH

  • Guest
Re: JS:Blacole and commitse.ru on Chrome
« Reply #4 on: September 02, 2012, 11:17:15 PM »
No, it's running 3.4.1. Probably the update was run after the screenshot. But regardless, WordPress versions cannot screw with my computer/Chrome several days before I actually go into that website. The upgrades are good, but they're not magic.

This problem started before I began work on that site.

Thanks though.

Offline !Donovan

Re: JS:Blacole and commitse.ru on Chrome
« Reply #5 on: September 02, 2012, 11:45:57 PM »
> My Mac started freezing up while doing web development/WordPress work with Chrome. I installed Avast and ran a scan. That scan froze up. Finally Avast came up with JS:Blacole in a popup message. I stopped using Chrome and things ran much smoother with Safari. But I LIKE Chrome so I uninstalled and reinstalled and of course everything started happening again. While working on a client's site I suddenly got a red warning page "(domain) contains content from commitse.ru, a site known to distribute malware..."

The Blackhole Exploit uses a Buffer Overflow utilizing eval and j%3.

> This problem started before I began work on that site.

Which leads me to suspect while WordPress was outdated, it was hacked. I assume an admin PHP file(s) (index.php, etc.) could contain suspect content. Check the PHP files for suspicious long lines of code.

Some general instructions are here:
http://www.ericitzkowitz.com/hacked-blackhole-exploit-kit-removal

You may want to read this:
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

~!Donovan
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."
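
Added example (not part of the original thread or of any tool linked in it): one way to carry out the "check the PHP files for suspicious long lines" advice from Reply #5 over a local copy of a WordPress tree. The 1000-byte threshold, the list of function names, and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed threshold and patterns (not from the thread): tune for your codebase.
MAX_LINE_LEN = 1000
SUSPECT = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def scan_php_tree(root, max_len=MAX_LINE_LEN):
    """Return sorted (relative_path, line_no, length, matched_names) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:  # bytes: injected code is often not valid UTF-8
                for no, line in enumerate(fh, 1):
                    line = line.rstrip(b"\r\n")
                    hits = sorted({m.group(1).decode().lower()
                                   for m in SUSPECT.finditer(line)})
                    # Flag a very long line, or eval wrapped around a decoder call.
                    if len(line) > max_len or ("eval" in hits and len(hits) > 1):
                        findings.append((os.path.relpath(path, root), no, len(line), hits))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample files; the payload is an inert placeholder string."""
    theme = os.path.join(root, "wp-content", "themes", "demo")
    os.makedirs(theme)
    with open(os.path.join(root, "index.php"), "wb") as fh:
        fh.write(b"<?php\nrequire __DIR__ . '/wp-blog-header.php';\n")
    with open(os.path.join(theme, "footer.php"), "wb") as fh:
        fh.write(b"<?php wp_footer(); ?>\n")
        fh.write(b"<?php eval(base64_decode('" + b"QUFB" * 400 + b"')); ?>\n")
    with open(os.path.join(theme, "style.css"), "wb") as fh:
        fh.write(b"a" * 5000)  # long, but not PHP, so it is ignored

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_php_tree(root)

if __name__ == "__main__":
    for path, no, length, hits in demo():
        print(f"{path}:{no}: {length} bytes, calls={hits}")
```

A hit is a lead for manual review, not a verdict: minified vendor code can also produce long lines, so compare flagged files against a clean copy of the same WordPress, theme, or plugin version.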

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: JS:Blacole and commitse.ru on Chrome
« Reply #6 on: September 02, 2012, 11:52:07 PM »
One could always do a security scan using this plug-in: http://wordpress.org/extend/plugins/exploit-scanner/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

LAH

  • Guest
Re: JS:Blacole and commitse.ru on Chrome
« Reply #7 on: September 03, 2012, 12:32:51 AM »
I wasn't clear, sorry. What I meant is I've had problems every time I use Chrome on any website (before the one I mentioned) and Avast found the JS:Blacole first when I was using Chrome, but not on a client's site. So I cleared out the history, etc. from Chrome, but I'm hesitant to use it again. Though I did run a full scan. My Mac had started to freeze up for the first time ever. When I stopped using Chrome it does not freeze up.

I will use that plugin to check the client's site though, thank you.