Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: malware.rks_injection.4

Description: Malware injections related to massive hacks of websites hosted on Rackspace and Mediatemple back in 2010-2011

INjected scripts load iframes from multiple sites (eg. hxxp://div.electronicscommission[.]com/in.cgi?2, etc).

Typical injected code

< script type="text/​javascript" src="/wp-content/plugins/lightbox-plus/css/teal/​audio-player.php"></​script>


Affecting: WordPress websites. Mostly on Rackspace and Mediatemple.

Mitigation
How to clean a hacked WordPress site


For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb