Sucuri Malware Labs

Description: A conditional redirection (Blackmuscats) was detected on the web site, sending users to a domain pushing the Fake V to anyone visiting the compromised site.

This is a very common malware infecting thousands of sites (Jul/Aug 2012).

Updates in names being used: http://labs.sucuri.net/?note=2012-08-02

Some of the domains being used:
http://my-supas.ru/blackmuscats?5 http://my-supa.ru/blackmuscats?5 http://supa-web.ru/blackmuscats?5 http://my-supas.ru/blackmuscats?5 http://moisupas.ru/blackmuscats?5 http://moi-supas.ru/blackmuscats?5 http://mysupas.ru/blackmuscats?5 http://moi-supa.ru/blackmuscats?5 http://my-supa.ru/blackmuscats?5 http://supa-web.ru/blackmuscats?5 http://nashi-fitnes.ru/azebrise/niklas.php .. many more domains..

Affecting: Any web site (no specific target).

Clean up: Malware is hidden at the index.php or index.html files.

Malware dump:
.. No dump available (redirecting to Fake AV)..

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb