Malware: Case of a Malicious URL

Last week I was showing a site to a client when my spam blocker, Avast, opened the red warning window shown below.

The original client has a beautiful website that showcases her artwork. A couple of years ago we created a WordPress blog as an add-on to the basic HTML site. She was on her way to a residency in Europe and blogged about her work for several months. Although the blog is no longer active in the sense that she continues to add to it, it is a valuable photo archive and journal of her experiences.

It was surprising to us that she had been hacked since the blog is not active at this time. Some searching through the source code soon led us to the answer. The blog section of her site had acquired a patch of JavaScript that had been inserted by a wandering bot into the source code near the top. This JavaScript redirected anyone who connected to her blog to a spam site instead. This type of “malware” directs visitors elsewhere when they type the URL or click on a link to a URL.

The JavaScript code itself was not contagious from one site to another, and my own Avast program recognized it as malware, as did the Norton anti-virus program of the other visitor. But the loud alarm and red flag of the spam blocker would doubtless scare off anyone from further exploring her blog. We quickly removed the offending code and her site is back to normal.
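A search like the one described above can be scripted. The following is an added example, not the code found on the client's site and not part of the original post; the function names, host names and sample page are constructed for illustration. It flags inline scripts that send the visitor to a host other than the site's own.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Bodies of inline <script> blocks.
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
# location = "url", location.href = "url", location.replace("url"), location.assign("url")
REDIRECT_RE = re.compile(
    r"""location(?:\.href)?\s*(?:=|\.(?:replace|assign)\s*\()\s*['"]((?:https?:)?//[^'"]+)['"]""",
    re.I,
)

def find_injected_redirects(html, site_host):
    """Return [(line_number, target_host)] for inline scripts that send the
    visitor to a host other than site_host or one of its subdomains."""
    hits = []
    for script in SCRIPT_RE.finditer(html):
        for redirect in REDIRECT_RE.finditer(script.group(1)):
            host = urlparse(redirect.group(1)).hostname
            if not host or host == site_host or host.endswith("." + site_host):
                continue  # malformed URL or a redirect within the site itself
            offset = script.start(1) + redirect.start()
            hits.append((html.count("\n", 0, offset) + 1, host))
    return hits

def scan_tree(root, site_host, suffixes=(".php", ".html", ".htm")):
    """Scan template and page files under root; map each flagged path to its hits."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = find_injected_redirects(path.read_text(errors="replace"), site_host)
            if hits:
                findings[str(path)] = hits
    return findings

# Constructed sample: line 4 imitates a redirect injected near the top of the page.
SAMPLE_PAGE = """<!DOCTYPE html>
<html>
<head>
<script>window.location.href = "http://spam.example.net/landing";</script>
<title>Studio journal</title>
<script>if (legacy) { location.href = "http://artist.example.com/blog/old"; }</script>
</head>
<body><p>Residency photos</p></body>
</html>
"""

if __name__ == "__main__":
    for line, host in find_injected_redirects(SAMPLE_PAGE, "artist.example.com"):
        print(f"line {line}: inline script redirects to {host}")
```

A match is a lead for manual review of that file. Injected code that hides its target URL (for example behind encoding) will not match this pattern, so an empty result does not prove the files are clean.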

This type of “infection” generally occurs when you don’t have the most recent version of WordPress. WordPress updates its own platform on a regular basis and there are pros and cons to updating it yourself – see our earlier article on WordPress updates. Talk to your developer on a regular basis and ask him or her to check your current version of WordPress and see if any updates are recommended. Although we encourage all clients to let us perform a major update once a year, there is a strong case for updating sooner. WordPress is the platform on which your entire site rests. It is constantly releasing new versions to patch security leaks in earlier versions. If you don’t perform major updates on a regular basis, you are leaving your site wide open to this kind of nasty behaviour. And if you don’t host with a company that does regular backups, you risk losing everything if a more aggressive attack gets through.
