SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwiframehd37

malware-entry-mwiframehd37

Description: A Hidden iframe was detected. This is often used to load malware
from infected WordPress/OpenX sites. Domains used in the malware campaign: http://inlovebot.com/vip.php?s=0
http://wsus-services.com/exploits/des.jar
http://vcerubnit.com/gjrbf78u.php?s=IBB@G
http://tetrall.com/count29.php
http://crazymasya.com/vip.php?s=1
(and others).

Affecting: Any web site (using WordPress)

Malware dump (sample of malware):

cAopeOld=0.009;copeOld++;copeWoo='';this.copeSon=['mutCope','daceAle'];aleDace={taosAle:false};aleTaos=new Date();function...

if(typeof run == 'undefined'&&clng(nav.toLowerCase())){dc.writeln..