37.gif

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

10-21-2012, 09:11 PM
Post: #1
[GET] ThemeForest - Super Massive Wordpress Theme V4.2
[Image: rX8tv.png]

down load link:
survey link is not allowed here!
10-22-2012, 09:09 AM
Post: #2
RE:
DON'T GO NEAR THIS LINK - IT'S ONE OF THE ''COMPLETE AN OFFER, FIRST" CRAP
10-22-2012, 09:30 AM
Post: #3
RE:
THX for this theme im download thx again
10-22-2012, 09:48 AM
Post: #4
RE:
here the theme people [LINK REMOVED BY STAFF]
REASON --> http://bestblackhatforum.com/Thread-GET-...#pid245288

Last Chance!
10-22-2012, 06:44 PM
Post: #5
RE:
ABOVE SHARE FROM EXILON IS INFECTED

The only good thing is that the domain hosting the offsite injected code is currently suspended

I'm not accusing Exilon, as it's the only infected share from Exilon - and it's easy to re-share an infected file.

I've cleaned it - please find the cleaned version below.

Code:
http://uploadmirrors.com/download/XLTICLS9/Super_Massive_Wordpress_Theme_V4.2.rar
VT: Clean 0/44
Code:
https://www.virustotal.com/file/f14babed2598dc03375ffc5e9dca97e6ea95c6a1d5ac077dfeac9b038b316773/analysis/1350895218/

Enjoy,
Si
79.gif
10-22-2012, 06:51 PM (This post was last modified: 10-22-2012 07:02 PM by exilon.)
Post: #6
RE:
im sorry only down the file and put again nothingo more and no pass for virustotal , i was error sorry

explain me please , im download the file again , my link pass virus total and say this , you say me is infected im not understand , thx

SHA256: f6f5f368bfb988aa2e915595adf006549b9bdac0c1c0d0fcd703f3cb931492ff
Nombre: Themes.rar
Detecciones: 0 / 42
Fecha de anĂ¡lisis: 2012-10-22 08:58:53 UTC ( hace 0 minutos )
10-22-2012, 07:28 PM
Post: #7
RE:
why do these new ppl come here a try to get ppl to fill out surveys etc?.....wtf
10-22-2012, 07:49 PM
Post: #8
RE:
Hi Exilon,

No worries, it's easy to do, these infections (wp-header type) are created to infect nulled scripts, wp plugins, wp themes then inject a payload into the wp installation, this can be anything from a simple link insertion to full blown malware and trojans.

These infected files spread by users sharing, like this, the infection is added by an individual - many have been caught on here

Typically the more valuable, newest etc type files, so people will be keen to get them and share them.

The nature of the infection, in the actual theme/script/plugin is very simple - looking like normal code, actually a curl function, so every virus scanner that I've seen so far just simply allows by and ignores, only a manual check is totally effective.

a line was added to functions.php
Code:
include'lib/admin/inc/function.php';

this called the injecion script, which is a curl function to fetch content from
Code:
http://www.wpquery.co/jquery-1.6.3.min.js

this is a usual tactic, to try and make the host domain and url look realistic - something jquery is very typical
usually, this initial call will do a referrer check and deliver a javascript call, this then fetches the payload.

In this case, that host domain shows as suspended.

Cheers,
Si
10-22-2012, 10:46 PM
Post: #9
RE:
sime69 thx for the explanation man , really thx




87.gif