Posted on December 30, 2012 8:00 pm

Malware Entry: MW:EXPLOITKIT:BLACKHOLE1

Description:

An encoded JavaScript (or a redirection to it) was detected, leading browsers to the Blackhole Exploit kit (v1.x). It attempts to exploit the browser of anyone visiting the site using a combination of multiple vulnerabilities (Java, Adobe PDF, Flash and others). This is one of the most common types of malware we are seeing on web sites lately (2012/Mar).

Note that any PHP, JS or .htaccess file could be compromised by this type of malware.

Affecting: Any web site. Often on outdated WordPress, Joomla and osCommerce sites.

 

Tech Note: We have been dealing with this malware spreading onto our shared-hosting WordPress sites. After discovering this has spread through an end-user, we were able to pinpoint the cause. We have since “Hardened” most of our WordPress installations since September 2012. We still see the spread of this malware through the use of JavaScript holes within plug-ins.

Part of preventing this malware from spreading onto your site is to ensure your file and folder permissions are set correctly. Having 755 and 666 settings on active websites is a bad idea. CHMOD your files and folders so that the public can't simply access and edit your website structure through exploits within WordPress. Technically, exploits are features: in WordPress, certain vulnerabilities exist because an attacker can extend their access through simple file permission issues.
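One way to check a site for the permission problems described above, as an added example that is not part of the original post: it walks a web root and reports every world-writable entry (666, 777 and similar), ranking writable PHP, JS and .htaccess files highest. The function names, the `review_modes` parameter and the sample tree are assumptions made for the illustration; pass `review_modes=(0o755,)` to also list entries with the other mode the post names.

```python
import os
import stat
import tempfile

# File types the post says this malware lands in.
CODE_SUFFIXES = (".php", ".js", ".htaccess")

def audit_permissions(root, review_modes=()):
    """Return sorted (severity, octal mode, relative path) findings under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not what gets enforced
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:  # writable by every local account (666, 777)
                is_code = stat.S_ISREG(st.st_mode) and name.endswith(CODE_SUFFIXES)
                severity = "HIGH" if is_code else "MEDIUM"
            elif mode in review_modes:
                severity = "REVIEW"  # exact modes the caller wants listed
            else:
                continue
            rel = os.path.relpath(path, root)
            findings.append((severity, format(mode, "03o"), rel))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample site: every name and mode below is made up."""
    dirs = {"wp-content": 0o750, "wp-content/plugins": 0o755,
            "wp-content/uploads": 0o777}
    files = {"index.php": 0o644, ".htaccess": 0o666, "wp-config.php": 0o600,
             "wp-content/plugins/widget.js": 0o666,
             "wp-content/uploads/photo.jpg": 0o666}
    for rel in dirs:
        os.makedirs(os.path.join(root, rel), exist_ok=True)
    for rel, mode in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("placeholder\n")
        os.chmod(os.path.join(root, rel), mode)
    for rel, mode in dirs.items():
        os.chmod(os.path.join(root, rel), mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_tree(site)
        for severity, mode, rel in audit_permissions(site, review_modes=(0o755,)):
            print(f"{severity:6} {mode} {rel}")
```

Point `audit_permissions` at a real document root instead of the sample tree to audit a live site; it only reads metadata and changes nothing.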

Has your website been hacked? Are you receiving the RED Warnings to your website?

SNX Consulting can help clean up your site, even if we are not hosting your WordPress site.