Home Testimonials Company Support 1–888–873–0817
Home Notes Malware Signatures About

Malware entry: MW:JS:613

Description: Encoded javascript included and used to distribute malware. It calls a malicious iframe once loaded. Also known as "HTTP Malicious Toolkit Variant Activity 12", the "createCSS" malware and a few others.

Very similar to MW:JS:612, but this one uses external intermediaries to load the malware (/js.php, /count.php, /facebookphp, /showthread.php, etc). Also detected as MW:IFRAME:HD421.

Domains used:

Affecting: Any web site (no traffic specified)

Clean up: Contact support@sucuri.net for help or request a malware clean here: http://sucuri.net/signup/

Malware dump:

Full sample: http://tools.sucuri.net/?page=tools&title=blacklist&detail=1904108e77b4e9381c721ad87381e853