browser hijack within Dashboard
-
I was on WordPress.com several days ago…everything seemed fine. I was either on encodey.wordpress.com or goldmarble.wordpress.com — I don’t remember which. I went to my Dashboard, opened a menu on the left side of the screen (under the “W” logo) and clicked on “Reader,” because I wanted to see new posts. It was the first time I had used this option.
Immediately the screen flashed white, said Warning! with a red WOT rating symbol; then I was redirected to what appeared to be my Reader screen. I immediately backed out, logged off of WordPress, and did a scan — I found the virus “Win32:Zbot-UEO [Trj]” contracted at 9:44:34 PM on 7/7/14; I have a feeling you all would be able to tell if I was on WordPress.com at this time or not — I was too shocked to mark the time.
I did a boot-time scan, a full virus scan and a malware scan; the above virus was all I could find. This is *after* having publicly posted about the “Like” buttons on one or both of my active blogs having a clickjacking warning (preventing me from using them at all), which caused me to disable “Likes” by default. I’ve also gotten the same clickjacking warnings on other people’s “Like” buttons around WordPress.com — but not all of them.
I read one article that said that Themes were a way for people to get in through a “back door” on one’s account — I immediately changed the theme back to Sorbet upon logging back on to WP, and do not remember what theme I was using before. However, on one account (either encodey.wordpress.com or goldmarble.wordpress.com?) I got a pop-up window thanking me for using Sorbet by Automattic; on the other account, I didn’t.
How can I be sure my account is secure?
Thank you for any time spent on this.
–paintedstone
The blog I need help with is: (visible only to logged in users)
-
Themes ARE a way people put malware on blogs, but the themes at WordPress.com are not vulnerable to this kind of attack. Whatever is wrong with your blog has nothing to do with the theme. It sounds to me like there’s a problem with your malware/virus detection if it’s consistently giving you clickjacking warnings on a mere Like button.
-
Hi there,
Regarding your concerns about the security of your WordPress.com account: I checked your account, and I see that 6 days ago you changed your password. If you did that yourself, you should be fine. There’s nothing else in your account indicating any changes or evidence of hacking.
If you’d like to make your account more secure, you can also enable two-step authentication: Two Step Authentication
Regarding the virus: As raincoaster mentioned, the themes at WordPress.com aren’t vulnerable to the kind of attack you mentioned. It’s possible that a browser add-on, extension, or toolbar is adding unsafe links to your browser, and that’s what your virus scanner is finding. I’d recommend disabling any suspicious add-ons in your browser to see if that resolves the issue.
- The topic ‘browser hijack within Dashboard’ is closed to new replies.
WordPress.com Forums 