Sucuri Research Labs

Sucuri on Twitter Sucuri on Facebook

Notes from the LabHome  |  Notes  |  Malware data  |  Signatures  |  Tools  |  About

More Fake jQuery sites -

Published: 2012-11-22  by  Daniel B. Cid

We keep seeing fake jQuery sites popping up and being used to distribute malware. One was, other was and the new one is (

And this new one seems to be affecting many web sites in the last few days. All of them have the following on their header or index.php files:

Which redirects any visitor to the web site to where it is then sent to other random spammy domains (seems like a TDS is in place).

Update:We are also seeing some sites with this javascript file being included:, which just redirects back to via the same in javascript.

*Note that the domain was just registered (20-nov-2012), so it is not being flagged anywhere.
**The official jquery sites are or Other variations are likely fake.