Is your site safe?

Protect your site from dangerous code

Date: June 26, 2012

I just found out on a customer site that there are some attacks trying to execute some possibly dangerous code!

A program running on a remote server was trying to execute a script named: uploadify.php that might infect the installation with some virus. The script is distributed with a number of themes and plugins as the attacker is trying to execute the malicious code from the following themes: zcool-like, pronto, wpnavigator, fresh_trailers, fresh_trailers_v2, famous, wp-eden, deep-blue, aim-theme — as well as from the following plugins: very-simple-post-images, uploadify, uploader, wp-symposium, qr-color-code-generator-basic, wp-property, pods, nmedia-user-file-uploader, motorcycle-inventory, wordpress-member-private-conversation, wpmarketplace, lbg-vp2-html5-bottom, kish-multi, image-symlinks, html5avmanager, gpress, foxypress, wp-crm, comments_plugin, chillybin-competition, bulletproof-security, apptivo-business-site, annonces, 1-flash-gallery, squace-mobile-publishing-plugin-for-wordpress.

Even if you are sure that you are not infected, I humbly suggest to double check your installation as soon as possible. In fact I recently found out that injected viruses sometimes install on a blog and show up only few weeks/months later!

To quickly check your installation you can download the myEASYcleaner Tool Beta.

The myEASYcleaner tool is able to find and remove a number of viruses as well as report for all potentially dangerous (up to my knowledge) files in your installation. The tool can also check and let you know if your database has some potentially dangerous contents.

myEASYcleaner toon

To install unzip the download file in a temporary directory and read the included .txt file.

As the tool can optionally update your files its warmly suggested to MAKE A FULL BACKUP of your installation folder before letting the tool change your files! The database is not updated, its only examined to search for potential problems.