SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwjs1211

malware-entry-mwjs1211

Description: Encoded javascript malware to load the "Fake AV" virus from
multiple domains.

After decoded, it load iframes from sites like beolinkonline.com, smasmaild.com, etc.

Affecting: WordPress-based web sites.

Clean up: Malware is hidden at the header.php inside the themes directory.

Malware dump: