Quttera web security advantage official blog.
Posts on computer and internet security, website monitoring, malware and viruses. Analysis of latest and most interesting web malware detected by Quttera's online website scanner. Malicious payload detection and dis-assembly. Website malware clean-up and blacklisting removal help. News and insights on information security.
This infection pulled out from the malicious websites list submitted by users to our free Online Website Malware Scanner. If your website visitors complain that they experience the same when they access your website, then probably you were hit by the same malware.
Note: since the scan was completely outside-in (HTTP-based) we're not posting here the PHP portion of the malware.
When this infection loads, your website visitor gets presented with the "Checking your browser" window (see below screenshot). A "Continue" button is there, asking for the user-action in order to complete this stage of the attack. When user clicks this button, it generates random URL that points to another page located on the same server. The URL will have the prefix ?pagerd_
When investigating further and following such generated link, we got the following PHP errors:
Pointing out the malware in infected footer.php file of the installed WordPress theme.
Above info shows the path to detect and remove the discussed malware. In order to stay safe and avoid future infection it is essential to keep all passwords safe, WordPress files up to date and of course use only trusted and constantly updated/fixed plugins and themes.