Sucuri Malware Labs

Sucuri on Twitter Sucuri on Facebook Sucuri on LinkedIn

Malware entry: MW:IFRAME:HD203Home  |  Notes  |  Malware data  |  Signatures  |  Tools  |  About


Javascript encoded to hide an iframe from multiple sources. Including:

This is used to load malware from external web sites while not being visible to the user. It is also known as Trojan.JS.Iframe on different anti virus products.

Also related to this malware: (that generates the Blackhole exploit alert on some AVs).


Any web site

Clean up:

This malware is generally hidden on .js or .php files with heavy encoding. Searching/replacing what the scanner identified should fix it. If not, contact our support team for help.


Malware dump (sample of malware):

For all our web-based malware signatures, go here: