WordPress site attacked

A customers WordPress site is displaying ads again.



Don’t have all the information, but there were links to www.superfish.com. This site turns out be some visual recognition software.

Here is some of the code in the page that I believe is linked to the attack.


<iframe src=”http://www.superfish.com/ws/userData.jsp?dlsource=wjfudcm&amp;userid=NTBCNTBC&amp;ver=2015.″ style=”position: absolute; top: -100px; left: -100px; z-index: -10; border: medium none; visibility: hidden; width: 1px; height: 1px;”></iframe>

The code for the box was just above the ending body tag. Below is some of the code that was found.

<div id=”similarproducts_side_slider class=”__similarproducts similarproducts_side_slider false style=”right: 0px;>
<div class=”side_slider_header>
<div class=”header_tongue>
<div class=”vertical_text>Deals</div><div class=”offers_count></div><div class=”unit_title>Special Deals</div>
<div class=”x _close_unit></div>
<div class=”collapse _collapse></div>
<div class=”expand _expand></div>

Will try to post more info if I can.


Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.