Akeemdom malware poses as ad network

Posted on January 13, 2015 - 15:45 by ccondon

A PSA from Blake, our testing intern:

For the past two weeks, we have seen a large number of WordPress sites infected with a malicious script located at http://ads[.]akeemdom[.]com/db26 (Google Safe Browsing diagnostics). This infection is related to the SoakSoak campaign; in this case, the malware disguises itself as an ad network. Although the exploit itself has never delivered content to our testers, we have noticed its signatures. The following code snippet is typically inserted at the end of JavaScript files located in the infected site’s /wp-includes/ directory:

It’s often found in multiple scripts, so be sure to check all the JavaScript files your site uses. Sucuri has additional analysis here.
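One way to run that check across a whole WordPress tree is sketched below. It is an added example, not code from the original post: the function names are hypothetical, and because the injected snippet is not reproduced here, the sample file uses a constructed stand-in line that only contains the hostname given above.

```python
import os
import sys
import tempfile

# Indicator from the post, kept defanged in source and refanged at runtime.
INDICATOR = "ads[.]akeemdom[.]com".replace("[.]", ".").encode()

def scan_js(root):
    """Return sorted (path, line_no, bytes_from_end) for each indicator hit in .js files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".js"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            low = data.lower()  # hostnames are case-insensitive
            pos = low.find(INDICATOR)
            while pos != -1:
                line_no = data.count(b"\n", 0, pos) + 1
                # A small bytes_from_end means the reference sits at the end of the file.
                hits.append((path, line_no, len(data) - pos))
                pos = low.find(INDICATOR, pos + 1)
    return sorted(hits)

def build_sample_tree(root):
    """Constructed test data: one clean file and one with a stand-in line appended."""
    js_dir = os.path.join(root, "wp-includes", "js")
    os.makedirs(js_dir)
    body = b"function a(){return 1;}\nfunction b(){return 2;}\n"
    tail = b"// constructed stand-in, not the real payload: http://" + INDICATOR.upper() + b"/db26\n"
    with open(os.path.join(js_dir, "clean.js"), "wb") as fh:
        fh.write(body)
    with open(os.path.join(js_dir, "infected.js"), "wb") as fh:
        fh.write(body + tail)
    return len(tail)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]  # path to the site root to scan
    else:
        root = tempfile.mkdtemp()  # no argument: scan the constructed sample
        build_sample_tree(root)
    for path, line_no, from_end in scan_js(root):
        print(f"{path}: line {line_no}, {from_end} bytes before end of file")
```

Pass the site root as the first argument to scan a real install. Any file it reports should be compared against a clean copy from the matching WordPress release.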
