Research Blog

Malware update – Timthumb.php and .htaccess redirection

We have been very busy on our blog explaining the latest TimThumb.php vulnerability and the effect it is having on WordPress websites.

 

If you missed the articles, please check here:

After a few days, the malware started to evolve and the .htaccess redirections changed to other domains: security-generation.ru, securitygeneration.ru, safenesscontent.ru, allowcompany.ru, securityinternet.ru, generation-internet.ru and allowupdate.ru


(all of them registered by ivan-sushkin@yandex.ru)

So if you see any of those on your site, you know what is going on.
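One way to run that check across a web root, as an added example that is not part of the original post: it parses each .htaccess file for Apache redirect directives and reports those whose target host is one of the domains listed above. The function names and the sample input are constructed for illustration.

```python
import os
import re
from urllib.parse import urlsplit

# Domains this post lists as .htaccess redirect targets.
REDIRECT_DOMAINS = {
    "security-generation.ru", "securitygeneration.ru", "safenesscontent.ru",
    "allowcompany.ru", "securityinternet.ru", "generation-internet.ru",
    "allowupdate.ru",
}
# Apache directives that can send a visitor to another URL.
DIRECTIVES = ("rewriterule", "redirect", "redirectmatch", "errordocument")
URL_RE = re.compile(r"https?://[^\s\"'<>\[\]]+", re.IGNORECASE)
# Constructed sample .htaccess content, not taken from a real site.
SAMPLE = """\
# http://allowupdate.ru/source/index.php inside a comment is ignored
RewriteRule ^(.*)$ http://securitygeneration.ru/keys/index.php [R=301,L]
ErrorDocument 404 http://WWW.AllowUpdate.ru/source/index.php
Redirect 302 /old http://example.com/new
"""

def is_listed(host):
    """True if host is a listed domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in REDIRECT_DOMAINS)

def scan_htaccess(text):
    """Return (line number, directive, URL) for redirects to listed domains."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].lower() not in DIRECTIVES:
            continue
        for url in URL_RE.findall(raw):
            if is_listed(urlsplit(url).hostname):
                hits.append((lineno, words[0].lower(), url))
    return hits

def scan_tree(root):
    """Scan every .htaccess file under root; return {path: hits}."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_htaccess(fh.read())
            if hits:
                results[path] = hits
    return results
```

Matching on the parsed hostname instead of a substring keeps lookalike names and query-string mentions of a listed domain from being reported.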

 
*osCommerce sites are also getting hit with the following JavaScript malware: <script src=http://orangeblue.cl/js/
 
If your site is compromised, or you just want to verify, scan it for free here: http://sitecheck.sucuri.net. Need someone to clean it up for you? Sign up here: http://sucuri.net/signup.

 
