Detection and removal of malicious code on the website
Task: The client reported an issue with suspicious behavior on the website [NDA], indicating a possible malware infection. The goal was to detect and remove the malicious code to restore the safe operation of the site and prevent further spread of threats.
The work included:
— Initial audit: Conducting a scan of the site to detect malicious code, hidden scripts, and other suspicious elements.
— Detection of malicious code: Malicious code was found in the file:
/home/[nda]/[nda]/www/catalog/view/javascript/jquery/jquery-2.1.1.min.js
— Reverse analysis of the malicious code: The malicious code document.write(""+"") implemented an encrypted redirect to CDN34.com, which redirected users to malicious sites.
— Analysis and removal: The malicious code was removed from the relevant file, after which a complete review of other files was conducted to ensure the absence of similar threats on the site.
— File restoration: The original, clean file jquery-2.1.1.min.js was restored to ensure its proper functioning without malicious elements.
— Site check after removal: After the malicious code was removed, the site was tested for security and proper operation to ensure the absence of further threats.
Result: The malicious code was successfully detected and removed from the site. The safe operation of the web resource was restored, the redirect to malicious sites was stopped, protecting users from potential threats. Recommendations for further security measures were prepared to prevent reinfection.
The work included:
— Initial audit: Conducting a scan of the site to detect malicious code, hidden scripts, and other suspicious elements.
— Detection of malicious code: Malicious code was found in the file:
/home/[nda]/[nda]/www/catalog/view/javascript/jquery/jquery-2.1.1.min.js
— Reverse analysis of the malicious code: The malicious code document.write(""+"") implemented an encrypted redirect to CDN34.com, which redirected users to malicious sites.
— Analysis and removal: The malicious code was removed from the relevant file, after which a complete review of other files was conducted to ensure the absence of similar threats on the site.
— File restoration: The original, clean file jquery-2.1.1.min.js was restored to ensure its proper functioning without malicious elements.
— Site check after removal: After the malicious code was removed, the site was tested for security and proper operation to ensure the absence of further threats.
Result: The malicious code was successfully detected and removed from the site. The safe operation of the web resource was restored, the redirect to malicious sites was stopped, protecting users from potential threats. Recommendations for further security measures were prepared to prevent reinfection.
Lvov 
Available for hire