Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About
Today we found a malicious iframe that was being loaded from juquery.com (another fake jquery site). It consisted of the following code hidden inside one of the plugins:



It forces the site to contact juquery.com/jquery-1.6.3.min.js on every page load and display whatever content is provides. It is currently displaying the following malicious payload (triggered by sitecheck):



Which creates another iframe based on the payload hosted at: httx://www.juquery.com/compability.php?0.09432658250443637:



Which also decodes to the iframe loading script:



It seems that fake jquery sites are becoming more and more popular and only jquery.com and jquery.org should be trusted.