1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Warning! Spam hack - virustotal undetected!

Discussion in 'BlackHat Lounge' started by jessica7689, Jul 10, 2014.

  1. jessica7689

    jessica7689 Registered Member

    Joined:
    Nov 26, 2012
    Messages:
    64
    Likes Received:
    506
    For those who are not aware..

    Please Be Careful When Downloading Wordpress Themes from Nulled Sites.

    There is a malicious code that is undetectable by virustotal. It hacks your meta/keyword description.

    The code for this hack is hidden in an "image" file typically a .png or .jpg located in wp theme folder. Most common experiences (images/social.png). You can verify this using a text editor.

    Please kill this image immediately. You can also navigate to your functions.php file and remove malicious code
    (<?php include('images/social.png'); ?>)

    This sneaky little bastard can be found on files from popular sites like nulledphp, theme123.net, etc.

    :)
     
    • Thanks Thanks x 9
    Last edited: Jul 10, 2014
  2. asap1

    asap1 Jr. VIP Jr. VIP

    Joined:
    Mar 25, 2013
    Messages:
    4,417
    Likes Received:
    2,833
    Occupation:
    Quality Control PBN
    Home Page:
    Good looking out and thanks for the warning
     
  3. Kaleesi

    Kaleesi Registered Member

    Joined:
    Jun 2, 2014
    Messages:
    71
    Likes Received:
    21
    Can Wordpress security plugins like Wordfence prevent these malicious code injections?
     
  4. jessica7689

    jessica7689 Registered Member

    Joined:
    Nov 26, 2012
    Messages:
    64
    Likes Received:
    506
    nope! Well it didnt for me.
     
  5. AmateRasu

    AmateRasu Power Member

    Joined:
    Nov 12, 2013
    Messages:
    755
    Likes Received:
    423
    Location:
    Manila,Philippines
    the no external links WP plugin will help :)

    edit : don't forget to check your wordpress files if it contains Base64 codes
     
    Last edited: Jul 10, 2014
  6. donkeytherune

    donkeytherune Newbie

    Joined:
    Jan 21, 2014
    Messages:
    25
    Likes Received:
    0
    Occupation:
    skype : afrah.malek
    damn even those have virus !
     
  7. stacy666

    stacy666 Junior Member

    Joined:
    Feb 4, 2013
    Messages:
    197
    Likes Received:
    157
    Location:
    Lollipop Chainsaw
    I never did that before, but I tried what you said and didn't find anything. I'm clean I guess.. :)
     
  8. TheUnborn

    TheUnborn Elite Member

    Joined:
    Feb 21, 2013
    Messages:
    3,041
    Likes Received:
    1,672
    Occupation:
    SEO Consultant
    Home Page:
    Thanks for letting us know
     
  9. verilix

    verilix Jr. VIP Jr. VIP

    Joined:
    Sep 18, 2009
    Messages:
    2,879
    Likes Received:
    1,277
    Thanks for the heads up. :) This is why I pay for my themes, ahhaha.
     
    • Thanks Thanks x 3
  10. Panther28

    Panther28 Elite Member

    Joined:
    May 2, 2010
    Messages:
    2,268
    Likes Received:
    3,405
    Occupation:
    Internet.
    Location:
    Internet.
    thanks Jess, Null themes are bad idea, there are a ton of other ways to hide those little nipper scripts.
     
    • Thanks Thanks x 1
  11. jessica7689

    jessica7689 Registered Member

    Joined:
    Nov 26, 2012
    Messages:
    64
    Likes Received:
    506
    • Thanks Thanks x 1
  12. The Scarlet Pimp

    The Scarlet Pimp Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 2, 2008
    Messages:
    787
    Likes Received:
    3,118
    Occupation:
    Chair moistener.
    Location:
    Cyberspace
    • Thanks Thanks x 1
    Last edited: Jul 10, 2014
  13. Oukast

    Oukast Senior Member

    Joined:
    Jan 11, 2012
    Messages:
    832
    Likes Received:
    683
    Location:
    Under the palm tree
    Is there such thing as clean and nulled file?
     
  14. Clifton Allen Says

    Clifton Allen Says Junior Member

    Joined:
    Apr 15, 2014
    Messages:
    190
    Likes Received:
    250
    Home Page:
    yes, its called buying a retail version :)
     
  15. Numbuh362

    Numbuh362 Elite Member

    Joined:
    Aug 22, 2012
    Messages:
    1,569
    Likes Received:
    462
    I always paid for my themes because I always felt that the person uploading the cracked theme would be able to hack your wp.
     
  16. juniorsand

    juniorsand Junior Member

    Joined:
    Jan 9, 2012
    Messages:
    128
    Likes Received:
    24
    Good looking out thanks