Joomla Bluestork Built in Virus
Posted in : virus, Web Design, webdesign, website on by : TruXter Tags: administrator, bluestork, exploit, joomla, theme, virus, virus scanner
Found in the error.php file
You can either replace the error page with another, or delete all on the text within the php file with text from a safe error.php file
What happened you say?
My website got shut down by my webhost. They told me there was a virus on on of my websites and told me to upload a safe copy of the website..
Well I don’t have a copy of my website. They have a copy of my website.
but. I couldn’t do anything. SO I downloaded the whole website via FTP. and decided to locate the joomla files the webhost said may be compromised.
To be certain, I downloaded a fresh copy of Joomla, and a fresh copy of blue stork and checked for a virus.
Yep. Sure enough.
The Error page has a virus in it.
I started with a simple scan with EMsisoft Emergency kit
Then moved to virscan.org single virus scanner that uses multiple scanners, to scan one device and shows you what they all find. They don’t all typically agree with each other, so it’s like getting a 2nd 3rd,4th etc opinion all at one time.
I then ran to virustotal website and performed a very similar scan. and got somewhat similar results.
The scary part, is Bluestork has been the default admin theme for Joomla for quite a long time.
It seems there is either a new virus definition going around that is much better defines, or is flawed, or bluestork people really have something to fix.
Either way, it might be in the best interest for Joomla to strip the bluestork theme out of the default themse.
I myself have stripped the error page to no text with in it at all.