SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwiframehd765

malware-entry-mwiframehd765

Description: Javascript encoded to hide an iframe from
http://mnbadew.com/toplist/in.cgi?9 (and some other domains).

This is used to load malware from external web sites while not being visible to the user.

Affecting: Any web site

Clean up: This malware is generally hidden on .js or .php files without
heavy encoding. Searching/replacing any gcounter.cn entry should fix it.

Malware dump (sample of malware):


<div style='visibility:hidden;' id='j3ak74yf'>rzzes3doncrzzes3jtppcrzzes3umennrzzes3cjtpprzzes3t.wrirzzes3ncjrzzes3tppterzzes3('ncjrzzes3tpprzzes3rzzes3');ncrzzes3jtpprzzes3...