How to fix a pseudo-darkleech infected website?


How to recognize whether your website has been infected with Darkleech malware

If you haven’t changed your website lately but encounter a pop-up window, a floating advertisement or a strange frame displayed on your webpage, this could be a sign that your website has been infected with malicious code.

When you try to track it down, the suspect code has disappeared as if nothing happened, but hey… you saw the ad just minutes ago. Okay, it’s time to tell you: there is a high possibility that your website has been infected by pseudo-darkleech malware.

 

Samples of Darkleech malicious code

My WordPress blog was infected with Darkleech malware; the code looks like this:

All of the malicious code points dynamically to one (or several) of these domains: servepics.com, myftp.org, myftp.biz.

 

Another sample I’m going to show is a Chinese local portal website. The administrator had not made any updates to the website, but one day someone found this fraudulent information:


The behavior is this: you only see the fraudulent image the first time you browse the website. The source code served to people who can see the fraudulent image differs slightly from the source served to people who cannot (that is, those who have already seen it that day): when the malicious code appears, a div tag with the class “popContent” has been added.
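
The first-visit versus repeat-visit difference described above can be checked mechanically. This added example (not code from the original post) compares two saved copies of a page and reports tags that appear only in the first-visit copy, flagging the “popContent” class and hosts under the domains listed earlier; the sample HTML and the hostname `placeholder.myftp.org` are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

# Dynamic-DNS parent domains named in the post.
SUSPECT_DOMAINS = ("servepics.com", "myftp.org", "myftp.biz")

class TagCollector(HTMLParser):
    """Record every start tag together with its sorted attributes."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, tuple(sorted((k, v or "") for k, v in attrs))))

def collect(html):
    parser = TagCollector()
    parser.feed(html)
    return parser.tags

def host_is_suspect(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in SUSPECT_DOMAINS)

def injected_tags(first_visit_html, repeat_visit_html):
    """Return (tag, attrs, reasons) for tags served only on the first visit."""
    remaining = Counter(collect(repeat_visit_html))
    findings = []
    for key in collect(first_visit_html):
        if remaining[key] > 0:      # tag is also present in the repeat-visit copy
            remaining[key] -= 1
            continue
        tag, attrs = key[0], dict(key[1])
        reasons = []
        if any(host_is_suspect(attrs.get(a, "")) for a in ("src", "href")):
            reasons.append("dynamic-dns host")
        if "popContent" in attrs.get("class", "").split():
            reasons.append("popContent class")
        findings.append((tag, attrs, reasons))
    return findings

# Constructed sample responses (hostname and markup are made up for illustration).
REPEAT_VISIT = '<html><body><div id="main"><p>Hello</p></div></body></html>'
FIRST_VISIT = REPEAT_VISIT.replace("</body>", '<div class="popContent">'
    '<iframe src="http://placeholder.myftp.org/ad"></iframe></div></body>')

if __name__ == "__main__":
    for tag, attrs, reasons in injected_tags(FIRST_VISIT, REPEAT_VISIT):
        print(tag, attrs, reasons or ["unexplained difference"])
```

A tag reported with no reasons is still worth a look: it is content the server sent to one visitor and not the other.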

 

You may ask how I can be sure this malicious code lives on the server side rather than in the files of your website. It is because of how this malicious code behaves: it is written to the file only while the visitor can see the effect; otherwise, the malicious code is gone. Think of it the other way: if the malicious code had been placed in the file beforehand, you would at least find it there whether or not the effect was showing. So I think this snippet of malicious code is much more like a WordPress plugin, which works on the server side, so it can easily insert itself into any file at any time.

 

What is the solution?

In my experience, changing the server can be helpful; just describe the problem to your service provider. I did in my case: my service provider couldn’t solve the issue, so I asked to change, and after I deployed my blog to the new server, this annoying problem never bothered me again.

 

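All articles are original; reprinting is not permitted. Author: BianLei. If you like this article, feel free to share the link; for related details, see this site's copyright notice.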