Traffic Distribution System (TDS) On Infected Websites
Malicious TDS flow
Malicious Traffic Distribution System diagram
ThreatSign! client received complaint from his customer that his website got blocked when accessed from Google Chrome.
Upon internal malware scan the infection was identified inside WordPress theme. Obfuscated malicious code generated hidden iframe redirecting visitors to TDS from where they got landed on 3d party pages depending on location, web browser type and other parameters. In some cases, user gets redirected to fake Adobe player download page.
Decoded Malicious Iframe
Malicious Iframe content after the decoding
Shows the number of vendors that detect malware on VirusTotal list
Search for similar code inside your WordPress theme. If you suspect that your website was infected by this or similar malware please select from our Website Anti-malware Monitoring
plans and our experts will be happy to clean it up for you.