This is a second time that my site, KrpMag.com (It is currently reported and I am appealing with them so I am not going to make a link since google will take it as a relationship between malware sites), has been report to StopBadware.
The relationship on “Reported Attack Site!” said I have a malware that hosted on momscashblog?!?!? WTF I have no link or relationship with this site before. I have scanned my whole files and can’t find any virus or trojan. Fortunately Google webmaster tool has a lab tool (this time) so I can see what is the malware!!!
My website must got some kind of hi-jack on wordpress that I was trying to update to the new version everytime, but for the plug-ins, you wouldn’t know which one has a good protection. The best of protection is.. make the file un-writeable on those plug-ins.
The malware look like this.
It was injected in plugin name “wp-polls” and I have the new version downloaded from developer site and couldn’t find that part of script in it. So this has been hi-jack by WordPress hole since November 2009, I am sure.
Once the javascript encode and write to the page look like this
So this will produce a hidden-iframe that point to momscashblog which has been reported Malicious software includes 3 trojan(s), 3 exploit(s), 1 scripting exploit(s).!!!! OMG
So, you must use Google Webmaster Tool or findout where is the suspicious javascript/iframe injected in your WordPress directory. I hope this help.