Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About
I don't think we have logged about it lately, but an old infection (that started early this year) is still going strong. The result is this code being injected to the site when visited by certain browsers:



And the hidden code that generates it is tricky to find and generlly hidden inside one of the theme files or wp-includes (on WordPress sites). It looks like this:



All that to the end goal: Inject an iframe from *no-ip.biz (and other free domains) that will redirect the browser of the victim to Fake AV.