SiteCheck Signatures

malware-entry-mwiis4

Description:
Malicious JavaScript added to IIS sites via SQL injection.

Domains used:

And many others. 

Details:
http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-2677-inyahoo-js.html
http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html

Affecting: Any IIS/ASP site.

Clean up:
Revert to your latest database backup or clean up each entry from there.

Malware dump:

<script src="http://alisa-carter.com/ur.ph..