Description:
This attack uses .htaccess to redirect users to a site serving malware (or spam). In some cases, the index.php is also modified to do the redirection as well.
Loads malware from (193.238.1.37):
chimeboom.ru
faqaboutme.ru
lkjoiban.ru
zxsoftpromo.ru
Affecting:
Any type of web site (no specific target).
Clean up and details:
Remove offending code from .htaccess and/or index.php.
Links:
http://blog.sucuri.net/2010/04/conditional-redirects-or-the-htaccess-malware.html
http://sucuri.net/malware/malware-entry-mwhta7