SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware-entry-mwgdd3

malware-entry-mwgdd3

Description:

Code used to insert a malicious javascript on many sites hosted at GoDaddy (the latest round of attacks using meqashopperinfo.com is affecting more providers).

Loads the malware from:

http://myblindstudioinfoonline.com/ll.php
http://theblindstudioinfoonline.com/ll.php
http://meqashopperinfo.com/js.php
http://meqashoppercom.com
http://meqashopperonline.com
http://insomniaboldinfocom.com/mm.php
http://voip.dialistico.net/products/voip.php

Generally infecting all PHP files.

Clean up:

Run the following script: http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html

Malware dump (base 64 added to the .php files):