Home / malwarePDF  


First posted on 07 December 2017.
Source: Microsoft

Aliases :

There are no other names known for Trojan:JS/HideLink.A.

Explanation :


We have seen this malicious JavaScript file added to compromised websites running vulnerable versions of Joomla and WordPress. In some cases, it can be an infected Joomla or WordPress template or module.


Adds hidden website content

This threat hides content off the screen of websites you are viewing.

The malicious JavaScript is added to the HTML content of the compromised webpage, just before the section. You can find this code by searching the HTML content of the website for “document.write(”. An example of the malicious code is shown below:

When this JavaScript is run, the document.write() adds the following code to the page:

This code places the class named dnn off the screen, so the user will not see its content. Inside the class dnn, there is typically text and links that are used to improve the search engine result ranking of the tageted websites. For example, we have seen it hiding links to “Advanced Cash”:

Analysis by Geoff McDonald

Last update 07 December 2017