| Search (advanced search) | ||||
Use this Search form before posting, asking or make a new thread.
|
|
10-21-2012, 09:11 PM
Post: #1
|
|||
|
|||
[GET] ThemeForest - Super Massive Wordpress Theme V4.2
![[Image: rX8tv.png]](http://i.imgur.com/rX8tv.png) down load link: survey link is not allowed here! |
|||
|
10-22-2012, 09:09 AM
Post: #2
|
|||
|
|||
|
RE:
DON'T GO NEAR THIS LINK - IT'S ONE OF THE ''COMPLETE AN OFFER, FIRST" CRAP
|
|||
|
10-22-2012, 09:30 AM
Post: #3
|
|||
|
|||
|
RE:
THX for this theme im download thx again
|
|||
|
10-22-2012, 09:48 AM
Post: #4
|
|||
|
|||
|
RE:
here the theme people [LINK REMOVED BY STAFF]
REASON --> http://bestblackhatforum.com/Thread-GET-...#pid245288 Last Chance! |
|||
|
10-22-2012, 06:44 PM
Post: #5
|
|||
|
|||
|
RE:
ABOVE SHARE FROM EXILON IS INFECTED
The only good thing is that the domain hosting the offsite injected code is currently suspended I'm not accusing Exilon, as it's the only infected share from Exilon - and it's easy to re-share an infected file. I've cleaned it - please find the cleaned version below. Code: http://uploadmirrors.com/download/XLTICLS9/Super_Massive_Wordpress_Theme_V4.2.rarCode: https://www.virustotal.com/file/f14babed2598dc03375ffc5e9dca97e6ea95c6a1d5ac077dfeac9b038b316773/analysis/1350895218/Enjoy, Si  |
|||
|
10-22-2012, 06:51 PM
(This post was last modified: 10-22-2012 07:02 PM by exilon.)
Post: #6
|
|||
|
|||
|
RE:
im sorry only down the file and put again nothingo more and no pass for virustotal , i was error sorry
explain me please , im download the file again , my link pass virus total and say this , you say me is infected im not understand , thx SHA256: f6f5f368bfb988aa2e915595adf006549b9bdac0c1c0d0fcd703f3cb931492ff Nombre: Themes.rar Detecciones: 0 / 42 Fecha de anĂ¡lisis: 2012-10-22 08:58:53 UTC ( hace 0 minutos ) |
|||
|
10-22-2012, 07:28 PM
Post: #7
|
|||
|
|||
|
RE:
why do these new ppl come here a try to get ppl to fill out surveys etc?.....wtf
|
|||
|
10-22-2012, 07:49 PM
Post: #8
|
|||
|
|||
|
RE:
Hi Exilon,
No worries, it's easy to do, these infections (wp-header type) are created to infect nulled scripts, wp plugins, wp themes then inject a payload into the wp installation, this can be anything from a simple link insertion to full blown malware and trojans. These infected files spread by users sharing, like this, the infection is added by an individual - many have been caught on here Typically the more valuable, newest etc type files, so people will be keen to get them and share them. The nature of the infection, in the actual theme/script/plugin is very simple - looking like normal code, actually a curl function, so every virus scanner that I've seen so far just simply allows by and ignores, only a manual check is totally effective. a line was added to functions.php Code: include'lib/admin/inc/function.php';this called the injecion script, which is a curl function to fetch content from Code: http://www.wpquery.co/jquery-1.6.3.min.jsthis is a usual tactic, to try and make the host domain and url look realistic - something jquery is very typical usually, this initial call will do a referrer check and deliver a javascript call, this then fetches the payload. In this case, that host domain shows as suspended. Cheers, Si |
|||
|
10-22-2012, 10:46 PM
Post: #9
|
|||
|
|||
|
RE:
sime69 thx for the explanation man , really thx
|
|||
