The Latest in IT Security

Website Malware – SPAM Injections – HideMe – KickeMe


Every now and then you have to give thanks that attackers have a sense of humor.

For the past few weeks, maybe months (who keeps track of time anyway?), we have been seeing this injection, and it makes us giggle like school girls every time.

If you look a little harder you’ll usually find it’s accompanied by this JavaScript injection:

The KickeMe injection looks no different:

Again you want to make sure you find this script as well:

And if you use our free scanner SiteCheck you’ll see something like this:

Clean It Up

Here is the good news: it’s nice and easy to remove.

First, the JS injection is usually adjacent to the injection itself, so it is usually very easy to detect. As always, if you’re not seeing it in the browser, it’s easy to understand why: just look at the images above and you’ll see the injected content is being set to hidden. The easy way is to use the free scanner I mentioned above, SiteCheck, or use your handy terminal and curl.

Easy example:

# curl -D - -A "Windows" http://<your-site>/

Second, you want to find the various instances of the infection. Here is the good news: as we have mentioned before, start with the files you know generate content in the browser. A good place to start is your theme / template files, and in particular your index.php, header.php, home.php, footer.php, and other similar files. These appear to be the most common locations.

Third, you’ll want to highlight and delete the injection. That’s it. Just be sure not to delete any other information; if you stick to the content in the images above you’ll be fine.

Fourth, you’re going to want to lock things down. You obviously have a vulnerability, and it’s likely an access issue.

If you find this specifically on pages, then you might want to log into your administrator panel, regardless of platform, and look at your articles, pages, posts, etc., but look at them in code view (i.e., HTML view). We’re seeing a lot of instances where the injections are embedded right within the pages themselves, and those won’t show up in the core files.
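For the file-based case in the first and second steps, the search can be scripted. This is an added example, not code from the original post or from SiteCheck: the function names are hypothetical, it assumes the hiding script has the form `getElementById('<id>').style.display/visibility = 'none'/'hidden'`, and the sample files are constructed because the real injection is only shown in the post's images.

```shell
#!/bin/sh
# Assumption: the hiding script looks like
# getElementById('<id>').style.display|visibility = 'none'|'hidden'

# Print each element id that a script in file $1 sets to hidden.
hidden_ids() {
    grep -oE "getElementById\([\"'][^\"']+[\"']\)\.style\.(display|visibility) *= *[\"'](none|hidden)[\"']" "$1" |
        sed -E "s/^getElementById\([\"']([^\"']+)[\"']\).*/\1/" | sort -u
}

# Scan the template files the article names under directory $1.
# Prints "path:line<TAB>id" when the hidden element itself sits in that file.
scan_templates() {
    find "$1" -type f \( -name index.php -o -name header.php \
        -o -name home.php -o -name footer.php \) | sort |
    while IFS= read -r f; do
        for id in $(hidden_ids "$f"); do
            # A hiding script only counts when the element it hides is
            # adjacent, i.e. present in the same file.
            line=$(grep -nE "id=[\"']$id[\"']" "$f" | head -n 1 | cut -d: -f1)
            if [ -n "$line" ]; then printf '%s:%s\t%s\n' "$f" "$line" "$id"; fi
        done
    done
}

# Constructed sample theme files written into directory $1.
make_sample() {
    cat > "$1/header.php" <<'EOF'
<html><head><title>Blog</title></head><body>
<div id="hideMe"><a href="http://spam.example/a">cheap pills</a>
<a href="http://spam.example/b">loans</a></div>
<script>document.getElementById('hideMe').style.visibility = 'hidden';</script>
EOF
    cat > "$1/footer.php" <<'EOF'
<div id="footer"><a href="/about">About</a></div></body></html>
EOF
    # A toggle whose target element is not in this file: not reported.
    cat > "$1/index.php" <<'EOF'
<script>document.getElementById("menu").style.display = "none";</script>
EOF
}

# Demo run on the constructed sample.
demo=$(mktemp -d) && make_sample "$demo" && scan_templates "$demo"
rm -rf "$demo"
```

To check the live page instead of the files, save the output of the curl command from the first step to a file and run `hidden_ids` on it.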

Ok, hope this helps someone.



MONDAY, JULY 15, 2024
