
We Have Fixed the Blackhole Exploit Kit Virus!

Posted on 02 March 2012 by Bryan

If you’ve visited WeArePartyAnimals.org recently, you may have seen a weird warning pop-up from your anti-virus program (I use AVG) that mentioned “Blackhole Exploit Kit.” Apparently it has also shown up as some sort of Adobe update. If you haven’t seen it, good! Apparently it only sends out the virus intermittently in order to be more difficult to detect.

 

 

Unfortunately I haven’t been able to find a sufficient explanation for clearing our servers of this threat… UNTIL NOW! Today I was looking for a solution (again) and I came across this article from ComputerPartsGreenville.com. I was able to fix the problem in under 5 minutes. Thanks, Carl from Computer Parts Greenville!

 

Here is the easiest way to fix the Blackhole Exploit Kit virus on a WordPress site:

Webmasters should download the Timthumb Vulnerability Scanner and upload it to their WordPress plugins directory, then navigate to the Tools tab in the WordPress admin panel and click the Scan button. The scanner will identify infected thumb.php and timthumb.php files, but webmasters must delete them manually. Next, they can choose to update vulnerable files.

 

For more information on the Blackhole Exploit Kit virus, check out these links:

http://www.computerpartsgreenvillesc.com/secrets-of-the-blackhole-exploit-kit-revealed/

http://www.computerpartsgreenvillesc.com/blackhole-exploit-kit-faking-google-analytics/

http://www.computerpartsgreenvillesc.com/woo-themes-framework-and-blackhole-exploit-kit-attacks/

 

UPDATE:

Also make sure to check this file: “wp-includes/category-template.php”.

I found malicious code added to the top of the file.

 

2 Comments For This Post

  1. King Leonku Says:

    Thank you very much. I also had one of my websites compromised with that timthumb thing and it fixed it just in minutes.

  2. Woody Says:

    Our website was recently hacked by the Blackhole Exploit Kit. The virus scan on our server could not detect it even while it was obviously present. AVG had no suggestions, our webhost was useless but after reading as much as I could find I had a brainstorm.

    I simply looked at every file in every folder of our website on the host server and discovered several new files were added at the same time June 12, 2013 09.32; I also discovered every page of our website had increased in file size by 5 – 6kb at 5:30 on June 12th.

    I changed the password on my FTP; from inside the webhost server (cpanel) I deleted every file that had been altered on June 12th; and then reloaded my backup files. The problem was fixed and we are back in business.
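
The check Woody describes in the comments, looking for files across the site that all changed at the same moment, can be automated. The Python sketch below is an added example, not part of the original post or its comments; the function names, the 120-second window, the minimum cluster size and the sample file tree are assumptions chosen for illustration.

```python
import os
import tempfile
from datetime import datetime

def collect_mtimes(root):
    """Return sorted (mtime, path) pairs for every regular file under root."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                entries.append((os.path.getmtime(path), path))
    return sorted(entries)

def find_mtime_clusters(root, window=120, min_files=5):
    """Return groups of >= min_files files modified within `window` seconds
    of the first file in the group (a burst of simultaneous changes)."""
    clusters, current = [], []
    for mtime, path in collect_mtimes(root):
        if current and mtime - current[0][0] > window:
            if len(current) >= min_files:
                clusters.append(current)
            current = []
        current.append((mtime, path))
    if len(current) >= min_files:
        clusters.append(current)
    return clusters

def build_sample_site(root):
    """Constructed sample tree: four old files plus three touched together."""
    base = 1_330_000_000  # arbitrary constructed timestamp
    stamps = {"a.php": base, "b.php": base + 86400, "c.php": base + 2 * 86400,
              "d.php": base + 3 * 86400, "index.php": base + 30 * 86400,
              "page.php": base + 30 * 86400 + 10, "new.php": base + 30 * 86400 + 20}
    for name, ts in stamps.items():
        path = os.path.join(root, name)
        open(path, "w").close()
        os.utime(path, (ts, ts))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for cluster in find_mtime_clusters(site, window=120, min_files=3):
            start = datetime.fromtimestamp(cluster[0][0])
            print(f"{len(cluster)} files changed starting {start:%Y-%m-%d %H:%M:%S}")
            for _mtime, path in cluster:
                print("   ", os.path.relpath(path, site))
```

Legitimate bulk events such as a WordPress update or a restore from backup also produce clusters, so each hit needs review against known maintenance times. Modification times can be reset by whoever wrote the file, so an empty result does not prove the tree is clean.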
