SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwblueh1

malware-entry-mwblueh1

Description:

Code used to insert a malicious javascript on sites hosted at Bluehost. The second wave of attacks affected a few more hosting companies. Loads malware from:

http://domainameat.cc
http://ae.awaue.com

Details:

http://blog.sucuri.net/2010/06/bluehost-ceo-blog-and-others-exploites-by-domainameat-cc.html

Clean up:

Run the following script: http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html

Malware dump (base 64 added to the .php files):