Traffic Distribution System (TDS) On Infected Websites
This malware technique is widely used to monitor and redirect traffic from compromised websites to malicious content or paid referrals. In the past, we highlighted similar cases on our blog: Blacklisted website used to drive traffic to 'penny stock website'
Malicious TDS flow
Background
A ThreatSign! client received a complaint from a customer that his website was blocked when accessed from Google Chrome.
Malware details
An internal malware scan identified the infection inside the WordPress theme. Obfuscated malicious code generated a hidden iframe that redirected visitors to the TDS, from where they landed on third-party pages depending on location, web browser type and other parameters. In some cases, the user is redirected to a fake Adobe player download page.
Obfuscated Malicious JavaScript Code
Decoded Malicious Iframe
VirusTotal report: https://virustotal.com/en/url/0a2d7c043097045c7e3ed1e0fb3ca6c48942223a342d66f35afed8f3d365ef3c/analysis/1461252848/
Detection rate
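The following Python is an added example, not code from the original post or from the scanner used in this case: it statically decodes one layer of `unescape()` or `String.fromCharCode()` obfuscation in a theme file and reports iframes hidden by size or CSS. The encodings, hiding heuristics, sample file and host name are assumptions constructed for illustration; the sample in this incident may have used a different obfuscation.

```python
import re
from urllib.parse import unquote

IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
# Hiding heuristics: 0/1-pixel size, CSS hiding, or off-screen positioning.
HIDDEN = re.compile(
    r"""(?:width|height)\s*=\s*["']?[01](?:px)?["'\s>]"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden"""
    r"""|(?:left|top)\s*:\s*-\d{3,}px""", re.I)
# String literals handed to unescape() and numeric lists handed to fromCharCode().
UNESCAPE = re.compile(r"""unescape\s*\(\s*(["'])(.*?)\1""", re.S)
CHARCODES = re.compile(r"fromCharCode\s*\(\s*((?:\d{1,3}\s*,\s*){7,}\d{1,3})\s*\)")

# Constructed sample of a theme file; the host names are placeholders.
SAMPLE = """<?php get_footer(); ?>
<iframe src="https://video.example.invalid/embed/1" width="560" height="315"></iframe>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A//tds.example.invalid/in%22%20width%3D%221%22%20height%3D%221%22%20style%3D%22visibility%3Ahidden%22%3E%3C/iframe%3E'));</script>
"""


def hidden_iframes(text):
    """Return the iframe tags in text that match a hiding heuristic."""
    return [tag for tag in IFRAME.findall(text) if HIDDEN.search(tag)]


def decode_layers(text):
    """Yield (encoding, decoded) for one statically decoded layer; nothing is executed."""
    for m in UNESCAPE.finditer(text):
        yield "unescape", unquote(m.group(2))
    for m in CHARCODES.finditer(text):
        yield "fromCharCode", "".join(chr(int(n)) for n in m.group(1).split(","))


def scan(text):
    """Return (layer, iframe_tag) findings for the raw text and each decoded layer."""
    findings = [("plain", tag) for tag in hidden_iframes(text)]
    for layer, decoded in decode_layers(text):
        findings += [(layer, tag) for tag in hidden_iframes(decoded)]
    return findings


if __name__ == "__main__":
    for layer, tag in scan(SAMPLE):
        print(f"[{layer}] {tag}")
```

Run it over each file in the theme directory and review any finding by hand; a legitimately sized embed such as the first iframe in the sample is not reported.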