Malware Signatures

  1. Home
  2. Malware Signatures
  3. js.spam-seo.hiddendiv.001

js.spam-seo.hiddendiv.001

Hidden DIV is one of the most common malware type. This kind of injection usually looks like block of code enclosed between the DIV tag. The malware creators are usually hiding it via css properties using techniques such as negative positioning, but very common way is injection of obfuscated JavaScript code which purpose is not very clear and is hard to decode. Such JavaScript code is responsible for hiding the iframes or other page elements.

Affecting

Any website

Cleanup

You can sign up with us and let our team remove the malware for you.

Dump

<div id="linkm">
<ul>
<li>
<a href="http://----.-------.cn/dianxian/bjjryy/">
±±Ÿ©Ÿ©ÈÊҜԺ
</a>
</li>
<li>
<a href="http://www.--------.cn/jkbk/sxkjyy/">
Î÷°²¿µœÜҜԺ
</a>
</li>
</div>

slightly obfuscated JS code which purpose is to hide this page element:

var _$=["x6cx69x6ex6b","x6d","x6ex6f","x6ex65"];document.getElementById(_$[0]+_$[1]).style.display=_$[2]+_$[3];

deobfuscated:

var _$=["link","m","no","ne"];document.getElementById("linkm").style.display="none";