Text Enhance Adware now infecting WordPress through Tinymce

Add Comment

no-more-text-enhance

If you have spent any time on the internet I am sure you have seen sites with underlined links in their content. Usually this is linking you to something they want you to see of another page to go to.

However there are other types of links that when you put your mouse over them they pop-up with an advertisement.

Sometimes the website wants them there and other times they don’t.

Other times it is your machine that is infected with a virus of sorts that is causing this. One well known source for this is Text Enhance.

What is Text Enhance?

Text Enhance (Text-Enhance) is a form of bundled flash adware (categorized as a browser hijacker) that attaches to internet browsers as an extension and cookie without user consent. The primary website for Text Enhance does not allow users to download their extension, nor can their extension be found on Google Chrome’s extension database, nor any other browser’s add on database for that matter. In other words, Text Enhance is not a realistic in text advertising service.

An example of what it looks like in your browser is this:

text-enhance

When you hover the link above this ad pops-up, this is all to make you leave the site and hit whatever site they are directing you to.

So if it is a virus on a users computer why do we need to worry about it in the WordPress world?

Well it seems that if a user has this virus installed on their system and they are posting a blog post to a WordPress website/blog the virus will embed the JavaScript necessary to invoke these ads on the site.

How is this doing it?

So far the only way I can tell is it is exploiting the browser some how and using TinyMce as the gateway to get the code published to the blog.

You can see here a post that is using the visual editor has no knowledge of anything wrong:

visual
Click to enlarge

But if you change to the html editor you will see the malicious code:

Click to enlarge
Click to enlarge

So what can one do?

Well for starters you should remove the virus from your system if it is in fact infected. You can read a great article on how to do that here.

Other things you should be doing are keeping all your software up to date including WordPress and all plugins. And be sure to be running a good anti-virus program on your computer.

Please let me know if you have any questions or if I can help clear anything up for you.

/Phil

 


( If you are reading this anywhere but my blog, you can find the original post here. )