How to fix a pseudo-darkleech infected website?

How to recognize whether your website has been infected with Darkleech malware

If you haven't changed your website lately but encounter a pop-up window, a floating advertisement, or a strange frame displayed on your webpage, this could be a sign that your website has been infected by malicious code.

When you try to track it down, the suspicious code has disappeared as if nothing happened, but hey… you saw the ad just minutes ago. Okay, it's time to tell you: there is a high possibility that your website has been infected by pseudo-darkleech malware.


Samples of Darkleech malicious code

My WordPress blog was infected with Darkleech malware; the code looks like this:

All of the malicious code points dynamically to one (or several) of these domains:


Another sample I'm going to show is a Chinese local portal website. The administrator had not made any updates to the website, but one day someone found this fraudulent information:

The behavior is this: you only see the fraudulent image the first time you browse the website. The source code served to people who can see the fraudulent image and to people who cannot see it (which means they have already seen it in a day) differs slightly: when the malicious code appears, a div tag with the class “popContent” has been added.


You may ask how I can be sure that this malicious code is on the server side and not in the files of your website. The reason is a feature of this malicious code: it is written to the file only while the visitor can see the effect; otherwise, the malicious code is gone. Think of it the other way around: if the malicious code had been placed in the file beforehand, you would at least find it there whether or not the effect is showing. So I think this snippet of malicious code is much more like a WordPress plugin, which works on the server side, so it can easily insert itself into any file at any time.
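The first-visit versus repeat-visit comparison described above can be automated. The following is an added example, not code from the original post: it diffs two saved snapshots of the same page and lists the elements that were served only to the first-time visitor. The sample HTML, the `ads.example.invalid` host and the list of watched tags are constructed assumptions; only the “popContent” class name comes from the article.

```python
from collections import Counter
from html.parser import HTMLParser

# Tags commonly used to inject ads or frames (an assumption, adjust as needed).
WATCHED = {"div", "iframe", "script", "img"}


class TagCollector(HTMLParser):
    """Collects a (tag, class, src) signature for every watched element."""

    def __init__(self):
        super().__init__()
        self.signatures = Counter()

    def handle_starttag(self, tag, attrs):
        if tag in WATCHED:
            a = dict(attrs)
            self.signatures[(tag, a.get("class") or "", a.get("src") or "")] += 1


def signatures(html):
    collector = TagCollector()
    collector.feed(html)
    collector.close()
    return collector.signatures


def injected_elements(first_visit_html, repeat_visit_html):
    """Return elements served on the first visit but absent on a repeat visit."""
    extra = signatures(first_visit_html) - signatures(repeat_visit_html)
    return sorted(extra.elements())


# Constructed snapshots of the same URL (not captured from a real site).
REPEAT_VISIT = """<html><body>
<div class="header">Local portal</div>
<script src="/js/site.js"></script>
<div class="content">News</div>
</body></html>"""

FIRST_VISIT = """<html><body>
<div class="header">Local portal</div>
<script src="/js/site.js"></script>
<div class="popContent"><img src="//ads.example.invalid/banner.png"></div>
<div class="content">News</div>
</body></html>"""

if __name__ == "__main__":
    for tag, cls, src in injected_elements(FIRST_VISIT, REPEAT_VISIT):
        print(f"only on first visit: <{tag} class={cls!r} src={src!r}>")
```

To use it on your own site, save the page source once from a fresh browser session and once after the pop-up has already been shown, then pass both strings to `injected_elements`.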


What is the solution?

In my experience, changing the server can be helpful; just describe the problem to your service provider. I did so in my case: my service provider couldn’t solve this issue, so I asked to change servers, and after I deployed my blog to the new server, this annoying problem never bothered me again.


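All articles are original; reposting is declined. Author: "BianLei". If you like it, feel free to share the link. For related details, see this site's copyright notice.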