Author Topic: Site with backdoor detected as PHP:Shell-BV [Trj] by avast!  (Read 3965 times)

polonus

Site with backdoor detected as PHP:Shell-BV [Trj] by avast!
« on: December 29, 2013, 02:57:29 PM »
See: https://www.virustotal.com/nl/url/3830068d9654cc146e07ca2d7b00a42957804419723b643f0ad59655218fe670/analysis/1388324435/
No alerts here: http://urlquery.net/report.php?id=8606334
Nothing here: http://sitecheck.sucuri.net/results/www.bywordofmouthmusings.com/wp-content/themes/headway-2013/style.css
See decoded files here: http://jsunpack.jeek.org/?report=c022969edfb303648080b8a2159d1a189fb439ab
Major security issue which is under constant attack: http://wordpress.org/support/topic/major-security-issues-under-constant-attack-help
Quote
<?php $auth_pass = "xxxxxxxxxxxxxxxxxxxxxx"; $color = "#df5"; $default_action = 'FilesMan'; $default_use_ajax = true; $default_charset = 'Windows-1xx1'; server compromise...
see: http://maldb.com/www.bywordofmouthmusings.com/
External link header problem: htxp://cdn.dsultra.com/js/registrar.js Suspicious -> http://forum.joomla.org/viewtopic.php?f=621&t=684752
Info credits go to kenmcd - site is about hiding advertising in a frame
External link cannot be found: http://www.booyahcreative.com/%C2%A0%C2%A0--

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
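
For site owners cleaning up after a detection like the one in this post, a sketch of a file-system sweep for the configuration header quoted above (an added example, not part of the original post or of avast!'s detection logic). The marker names are taken from the quote; the two-marker threshold, the 64 KiB read limit and the sample tree are assumptions. Files are checked regardless of extension because the Sucuri link in the post points at a `style.css` path.

```python
import re
import tempfile
from pathlib import Path

# Assignments visible in the quoted header; values are ignored except 'FilesMan'.
MARKERS = {
    "auth_pass": re.compile(rb"\$auth_pass\s*=\s*['\"]"),
    "default_action": re.compile(rb"\$default_action\s*=\s*['\"]FilesMan['\"]"),
    "default_use_ajax": re.compile(rb"\$default_use_ajax\s*=\s*(true|false)", re.I),
    "default_charset": re.compile(rb"\$default_charset\s*=\s*['\"]"),
}
THRESHOLD = 2            # assumption: two or more markers in one file merits review
HEAD_BYTES = 64 * 1024   # assumption: the header sits near the top of the file

def match_markers(data: bytes) -> list:
    """Return the sorted names of header markers present in data."""
    return sorted(name for name, rx in MARKERS.items() if rx.search(data))

def scan_tree(root) -> dict:
    """Map relative path -> markers for files with at least THRESHOLD markers."""
    root, hits = Path(root), {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        try:
            with path.open("rb") as fh:
                found = match_markers(fh.read(HEAD_BYTES))
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if len(found) >= THRESHOLD:
            hits[path.relative_to(root).as_posix()] = found
    return hits

def demo() -> dict:
    """Scan a constructed sample tree (not data from the site in the post)."""
    shell = b"<?php $auth_pass = \"x\"; $default_action = 'FilesMan'; $default_use_ajax = true;"
    clean = b"<?php $default_charset = 'UTF-8'; add_action('init', 'f');"
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp, "wp-content", "themes", "example")
        theme.mkdir(parents=True)
        (theme / "style.css").write_bytes(shell)
        (theme / "functions.php").write_bytes(clean)
        return scan_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

A hit is a prompt for manual review and comparison against a clean copy of the theme, not proof of compromise; a clean result does not rule out an obfuscated copy.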