SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwgrepadd2

malware-entry-mwgrepadd2

Description:

Malware used on the Network Solutions mass attack: http://blog.sucuri.net/2010/05/new-infections-today-at-network.html

This file may have multiple names: .nts, counter.cgi, root.ini, root.cgi, etc. All inside the cgi-bin. At the end, it redirects users to sites loading malware:

http://virtual-ad.org/in.cgi?2
http://grepad.com/in.cgi?3

 

Clean up:

Remove the php.ini file from inside the cgi-bin directory.