Friday, April 8, 2016


Jquery.min.php Massive Infection Of WordPress And Joomla Websites


Background

During malware cleanup on our clients' websites, the same infection was noticed again and again. Additionally, when reviewing the latest malicious scan reports in our Online Website Malware Scanner, it could be seen that almost every third website is infected with this "disguised jquery" injection. To see this, just look at the latest submissions by visitors (last 2-3 hours) and click the View Code link in the Threat Dump section of the report.



Hence this short post is to help you identify this malware on your website and avoid getting blacklisted.

Malicious Payload

Injected before the <head> tags on both WordPress and Joomla platforms, this malicious script generates links to malware components on infected third-party websites. Breaking the malicious code into portions and hosting each one on a different website in the malicious chain is a common technique: it allows the attackers to replace the code origin each time, e.g. based on the clock.

[Image: jquery.min.php malware script]
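A defensive check for the injection described above, as an added example that is not Quttera's scanner code: it flags any `<script>` block that mentions `jquery.min.php` and reports whether it sits before `<head>` and which other hosts it names. The function names, the scanned file extensions and the sample hostnames are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlparse

# Genuine jQuery is distributed as jquery.min.js; a ".php" variant is the red flag.
MARKER = "jquery.min.php"
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)
HEAD_RE = re.compile(r"<head[\s>]", re.I)
# Absolute or protocol-relative host; a dot is required to skip "//comment" text.
HOST_RE = re.compile(r"(?:https?:)?//[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def scan_html(html, site_host):
    """Return one finding per <script> block that mentions MARKER."""
    site = site_host.lower()
    head = HEAD_RE.search(html)
    head_pos = head.start() if head else len(html)
    findings = []
    for m in SCRIPT_RE.finditer(html):
        block = m.group(0)
        if MARKER not in block.lower():
            continue
        hosts = {urlparse(u).hostname for u in HOST_RE.findall(block)}
        foreign = sorted(h for h in hosts
                         if h and h != site and not h.endswith("." + site))
        findings.append({"offset": m.start(),
                         "before_head": m.start() < head_pos,
                         "foreign_hosts": foreign})
    return findings

def scan_tree(root, site_host, exts=(".php", ".html", ".htm", ".tpl")):
    """Scan page and template files under root; returns {path: findings}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_html(fh.read(), site_host)
                if found:
                    hits[path] = found
    return hits

# Constructed sample page (hostnames are placeholders, not real indicators).
SAMPLE = """<html>
<script src="http://infected-site.example/js/jquery.min.php"></script>
<head>
<script src="/js/jquery.min.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE, "myshop.example"):
        print(finding)
```

A hit with `before_head` set and a non-empty `foreign_hosts` list matches the injection pattern described in this post; compare the flagged file with a clean copy from your backup or CMS distribution.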




How to prevent the (re) infection

Every day, attackers find new ways to hide backdoors, so it is safest to follow these rules to improve your protection:

  1. Back up your site.
  2. Keep your CMS version up to date.
  3. Change your passwords periodically. Most hackers try to brute force the credentials.
  4. Change the table prefix of the database. This will avoid SQL injections.
  5. Add additional security by modifying .htaccess.
  6. In the case of WordPress, it is recommended to periodically run both internal and external scans with our plugin.
  7. Always keep plugins and themes updated to the latest version.

If you suspect your website was compromised or would like us to remove the malware, please select from the ThreatSign website monitoring and malware clean-up plans. To run a free remote scan of your websites: http://quttera.com/website-malware-scanner

For other questions, do not hesitate to contact Quttera's help-desk.