Opened 14 years ago
Closed 14 years ago
#12220 closed defect (bug) (worksforme)
Godaddy trojan virus bibzopl.com/in.php is infecting Wordpress
Reported by: | micasuh | Owned by: | ryan |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 2.9.1 |
Component: | Security | Keywords: | virus, trojan, |
Focuses: | Cc: |
Description
Seems to be affecting only WP and phpBB so far.
http://www.whitefirdesign.com/resources/bibzoplcom-malware.html
http://wordpress.org/support/topic/362584
http://www.phpbb.com/community/viewtopic.php?f=46&t=1979715&start=0
http://bermudaisanotherworld.org/forum/index.php?action=printpage;topic=2388.0
From article: "I decrypted it and it turns out to be a redirect to a PHP script file on an address that reverse DNS resolved to a Hong Kong IP address. Turns out that if you let the script run it will install the SMSS32.exe fake trojan on your machine."
Seems to be affecting both OS X and Windows but the trojan can only harm Windows. Every instance of this virus I can find is limited to sites hosted by GoDaddy.
If site has strong passwords, it's less likely to be infected apparently.
Is this beyond WP just issuing a patch for it?
Change History (3)
#1
@
14 years ago
- Milestone Unassigned deleted
- Priority changed from highest omg bbq to normal
- Severity changed from critical to normal
#2
@
14 years ago
Okay. I wasn't sure but saw increasing chatter and wanted to make sure Wordpress community knew something.
#3
@
14 years ago
- Resolution set to worksforme
- Status changed from new to closed
Hi thanks for the info. I took apart the payload described by the whitefirdesign link and it appears to be an Acrobat and/or Java virus, probably designed to infect PHP files on the victim's hard drive.
Please follow up if you find a problem with WordPress itself :)
This is a sever security issue -- eval code is getting stuffed into the top of PHP files, WordPress or not -- not a WordPress issue. So yea, nothing we can do here.