SiteCheck Signatures

  1. Home
  2. Docs
  3. SiteCheck Signatures
  4. malware-entry-mwiframehd23


Description: Javascript double-encoded code used to hide an iframe.

This is used to load malware from external web sites while not being visible to
the user.

Affecting: Any web site (no specific target)

Details: Usually starts with a "document.write(unescape" followed by
another call encoded call of "document.write(unescape".