Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: MW:RKS:2

Description: Code used to insert a malicious javascript on sites hosted at Rackspace and Mediatemple. It was a part of a mass hack that affected a good number of sites (specially at Rackspace)

Loads malware from:
http://m3h.toolbarinc.com
http://w7c5lrhqu .newsapis .us
http://brown.smartenergymodel.com/js/ jquery.min.js
http://azure.smartenergymodel. com /js/jquery.min.js
http://r91nu.emapis.org /js / jquery.min.js
http://d0j.emapis.org/js/ jquery.min.js
http://khaki.smartenergymodel.com/ js/ jquery.min.js
http://purple.gaindirectory.org/ js/ jquery.min.js
And other domains.

Affecting: Wordpress sites hosted at Rackspace and Mediatemple (maybe other hosting companies as well).

Clean up and details:: You have to remove the injected code that is generally present at the bottom of every .php, .html or .js files (mass added by the attacker).

Links::
http://blog.sucuri.net/2010/06/mass-attack-of-wordpress-blogs-on-rackspace.html http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/

Malware sample::




For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb