SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwhta13

malware-entry-mwhta13

Description:

This attack uses .htaccess to redirect users to a site serving malware (or spam). In some cases, the index.php is also modified to do the redirection as well.

Loads malware from (193.238.1.37):


chimeboom.ru
faqaboutme.ru
lkjoiban.ru
zxsoftpromo.ru

Affecting:

Any type of web site (no specific target).

Clean up and details:

Remove offending code from .htaccess and/or index.php.

Links:

http://blog.sucuri.net/2010/04/conditional-redirects-or-the-htaccess-malware.html
http://sucuri.net/malware/malware-entry-mwhta7