Sucuri Malware Labs

Sucuri on Twitter Sucuri on Facebook Sucuri on LinkedIn

Malware entry: MW:GDD:3Home  |  Notes  |  Malware data  |  Signatures  |  Tools  |  About


Code used to insert a malicious javascript on many sites hosted at GoDaddy (the latest round of attacks using is affecting more providers).

Loads the malware from:

Generally infecting all PHP files.

Clean up:

Run the following script:

Malware dump (base 64 added to the .php files):

For all our web-based malware signatures, go here: