[Plugin: Stout Google Calendar] Stout = Malware – 2 sites hijacked at night

tburge
(@tburge)

12 years, 11 months ago

My host identified this plugin as malware and here is why. This stout google calendar widget generated the following code which generates a lead landing page that replaces your entire website in some browser scenarios. This is MALWARE hidden way down deep in the scripts. Do not trust this provider.

<ul class=”widget-wrap”><li id=”stout-gc-widget-3″ class=”widget stout-gc-widget”><h3 class=”widgettitle”>Calendar</h3><iframe src=”http://valleyproirrigation.com/wp-content/plugins/stout-google-calendar/gcalendar-wrapper.php?showTz=0&showCalendars=0&showTabs=0&showPrint=0&src=qs77s4hi3rt1fdli4pbpd5u9go%40group.calendar.google.com&ctz=America/Denver&sgc0=F1F1F1&sgc1=F1F1F1&sgc2=000000&sgc3=F1F1F1&sgc4=000000&sgc5=0066CC&sgc6=000000&bubbleWidth=&bubbleUnit=pixel&sgcImage=1&sgcBkgrdTrans=0″ allowtransparency=”true” style=” border:0 ” width=”271″ height=”230″ frameborder=”0″ scrolling=”no”></iframe>

http://wordpress.org/extend/plugins/stout-google-calendar/

Viewing 3 replies - 1 through 3 (of 3 total)

mayb101
(@mayb101)

12 years, 11 months ago

What is one doesn’t enable/use the widget? Is there any way to disable this particular aspect of the code?

mayb101
(@mayb101)

12 years, 11 months ago

My code doesn’t have that. How is this generated?

Plugin Author stoutdesign
(@stoutdesign)

12 years, 11 months ago

@tburge – I don’t quite know how this plugin can hijack a site. I can assure you this is not malware. I don’t expect you to simply believe that statement so let me try to explain what’s going on.

The plugin takes your Google embed code, parses it with JSON and adds CSS to the head of the calendar that is being displayed. The gcalendar-wrapper.php script is the intermediary between your site and the Google calendar and is the script which appends your CSS styling.

The reason why Google considers it malware, on occasion, is a result of the calendar not being properly shared at some point during the setup and/or use of the Stout Google Calendar plugin. If the calendar is not shared, then Google wants authentication. The authentication ends up being parsed by the intermediary, gcalendar-wrapper.php (which is hosted on your server/ WordPress install.) When this happens, Google sees that the authentication is not originating from their servers and flags it as malware.

If, at any point in the setup and/or use of the plugin, any of your calendars were not shared and an authentication attempt was made, Google will notify the hosting company of the “malware”. Again, the Stout Google Calendar plugin is not malware and does not attempt to hijack sites, etc.

You have access to all the source code so take a look if you like. If you don’t understand the code or it doesn’t matter to you and you are uncomfortable with the plugin, then disable and delete it from your install.

I wrote this plugin to solve a problem for client sites and it still works well, without issue for me and their sites.

Best,
Matt

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘[Plugin: Stout Google Calendar] Stout = Malware – 2 sites hijacked at night’ is closed to new replies.