Sucuri Malware Labs


Malware entry: MW:BLUEH:2

Description:

Code used to insert malicious JavaScript into sites hosted at Bluehost and Dreamhost. Loads malware from: http://vancouvererrorsonfile.com


Details:

http://blog.sucuri.net/2010/08/yet-another-series-of-attacks-part-x-vancouvererrorsonfile-com-and-the-hilarykneber-group.html


Clean up:

Run the following script: http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html


Malware dump (base64 added to the .php files):


 



For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb