Zappier Technology Homepage

Yesterday, this out-dated wordpress site was hacked. The webmaster took the immediate action required. Posting the information to the public. He reports his issue to the WordPress forum and the avast! community forum. They also ask for help at StackOverFlow, but the question was removed. Google Cache saves us in this case. Lets check some of the links our friend Pondus provided us. Sucuri SiteCheck tells us that the main site contains a redirect using the .htaccess file. A similar .htaccess hack was mentioned here. Various Blackhole exploit malware is also present in case the redirect is cleared. urlQuery returns ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 3 and SPECIFIC-THREATS Blackhole landing page with specific structure – prototype catch with the severity of 1. Lets see why.

Zappier Technology JavaScript frmAdd() Function

Oh, nothing more than the typical hidden iframe that the BlackHole Exploit Kit uses.  By setting the top and left CSS rule of the iframe as -999em, it will be shown out of the user’s sight. This is to avoid being detected by scanners that search for low height and/or width. It leads to the BlackHole Exploit Hotspot,’Miami Tickets’. However, HostGator realized the malicious activity and closed the site. The user has yet to change the .htaccess rules, so the redirect to MercuryTutors is still there. Sucuri caught this behavior.

 
Stay Safe,
~!Donovan