Description:
A suspicious block of javascript code was identified. It builds a (possibly malicious) iframe that we could not properly identify. It uses the javascript eval() call and multiple levels of obfuscation to make harder to analyze.
Malicious iframes are often used to distribute malware from external web sites while not being visible to the user.
Signature:
This is not a signature-based rule, but uses a decodification method to simulate the javascript and determine its behavior. Our engine found it to be malicious (related to drive-by downloads).
Affecting:
Any web site sites (no specific target)
Clean up:
This malware is generally hidden inside the javascript files. Sign up here to get it clean up: Signup
Malware dump (sample of malware):