Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: MW:GREPADD:2

Description:

Malware used on the Network Solutions mass attack: http://blog.sucuri.net/2010/05/new-infections-today-at-network.html

This file may have multiple names: .nts, counter.cgi, root.ini, root.cgi, etc. All inside the cgi-bin. At the end, it redirects users to sites loading malware:

http://virtual-ad.org/in.cgi?2
http://grepad.com/in.cgi?3

 

Clean up:

Remove the php.ini file from inside the cgi-bin directory.


For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb