SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwiframehd572

malware-entry-mwiframehd572

Description:

A hidden and malicious iframe was identified. It is related to the latest "stats.php" outbreak and has
been compromised thousands of sites. More info here: Distributed Malware Network Outbreak Using Stats.php.

It loads malware from multiple sources:


http://www.lifeshiftdevelopment.com/stats.php
http://oxsanasiberians.com/downloads/stats.php
 (and many other domains).

This is used to load malware from external web sites while not being visible to the user.

Affecting:

Any web site

Clean up:

This malware is generally hidden on .js or .php files without heavy encoding.

 

Malware dump (sample of malware):