Sucuri Malware Labs

Sucuri on Twitter Sucuri on Facebook Sucuri on LinkedIn

Malware entry: MW:JS:222Home  |  Notes  |  Malware data  |  Signatures  |  Tools  |  About

Description:This encoded javascript loads malware from:
*.myads.name/system/caption.js
*.adsnet.biz/system/caption.js
*.toolbarcom.org/system/caption.js
*.mybar.us/system/caption.js
*.freead.name/system/caption.js
bl.prshow.org/js/in.js
bl.pqshow.org/js/in.js
bl2.prshow.org/js/in.js
bl2.pqshow.org/js/in.js
*.ipwn.ws
*.crocro.biz/
*.etufg.com/tools/js.js
sliero.co.cc

And some sub domains within it: "vagi.","vain.","vale.","vars.","vary.","vasa.","vaut.", "vavs.","viny.","viol.","vrow.","vugs.","vuln."

Affecting: Any web site (common on Wordpress and Joomla) hosted at Rackspace, Mediatemple and Bluehost.

Malware dump:

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb