Traffic Redirection Malware On Website

· Read in about 1 min · (194 Words)
malicious javascript remove blacklisting remove malware malicious traffic website malware cleanup obfuscated malicious JavaScript blacklisted website traffic direction systems

Traffic Distribution System (TDS) On Infected Websites

This malware technique is widely used to monitor and redirect traffic from compromised website to malicious content or paid referrals. In past, we highlighted similar cases in our blog: Blacklisted website used to drive traffic to ‘penny stock website’

Malicious TDS flow

Malicious TDS flow

Malicious Traffic Distribution System diagram



Background

ThreatSign! client received complaint from his customer that his website got blocked when accessed from Google Chrome. 

Malware details

Upon internal malware scan the infection was identified inside WordPress theme. Obfuscated malicious code generated hidden iframe redirecting visitors to TDS from where they got landed on 3d party pages depending on location, web browser type and other parameters. In some cases, user gets redirected to fake Adobe player download page.

Obfuscated Malicious JavaScript Code

Obfuscated Malicious JavaScript Code

Decoded Malicious Iframe

Decoded Malicious Iframe

Malicious Iframe content after the decoding


VirusTotal report : https://virustotal.com/en/url/0a2d7c043097045c7e3ed1e0fb3ca6c48942223a342d66f35afed8f3d365ef3c/analysis/1461252848/

VirusTotal detection rate

Detection rate

Shows the number of vendors that detect malware on VirusTotal list


Malware clean-up

Search for similar code inside your WordPress theme. If you suspect that your website was infected by this or similar malware please select from our Website Anti-malware Monitoring plans and our experts will be happy to clean it up for you.

Malware clean-up and hacking recovery for websites

Get your website cleaned and removed from blacklists. Prevent traffic loss and protect your visitors now.

Emergency

$249

/ yr
1 Website
Initial Response Time
within 4 hrs.
Manual Malware Removal / Full Website Audit
Blacklisting removal
Web Application Firewall (DNS-based WAF or Endpoint WAF)
Virtual Patching and website hardening
Free SSL Certificate with the DNS-based Web Application Firewall
all features...
Create Account
Essential Security

$10

/ mo
1 Website
Initial Response Time
within 12 hrs.
Web Application Firewall (DNS-based WAF or Endpoint WAF)
Virtual Patching and website hardening
Free SSL Certificate with the DNS-based Web Application Firewall
External & Internal Malware Scanning
all features...
Create Account

more plans

Need help? contactus@quttera.com

Newsletter

Join our mailing list to receive free email updates

Subscribe now


Latest Posts
tag
© 2023 Quttera Ltd. All rights reserved.