Joomla notice about certain extensions


US Operations
Staff member
Below we have gotten today in abuse mail as a notice to Joomla users on our network, there was no distinct domain added as the one impacted, but said numerous are infected with this malware extension set.

This is a security notice that is aimed at helping you identify and remove vulnerable extensions installed within

your website. The extension contains malicious code that is inserting hidden backlinks into your site.

The four main extensions that are vulnerable are from / / and are named:
- Autson Skitter Slideshow
- ShareThis forJoomla!
- Add This for Joomla
- Plimun Nivo Slider

You won’t be able to see these backlinks when viewing your website because they are hidden with javascript and CSS code. Your search rankings are being affected because Google can see these backlinks and identifies them as spam which is against their policies.

To view the code that the extension is inserting please use “View Source” in Internet Explorer or “View Page Source” in Chrome, or a similar function in your browser, and then search for “payday loan”. You may have to check other pages besides your homepage, as the hidden backlinks will only be shown on pages that have the malicious extensions activated on.

Please Note: The malicious extensions also have the ability to insert whatever code they want into your site, which is a major security hole.

This thread at the Joomla forum describes the vulnerability in detail. It also lists more possible extensions that could be a threat, as well instructions for removing the malicious code:

Thank you for your time and please direct any further questions to the above forum.