SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwjs1304

malware-entry-mwjs1304

Description: Javascript encoded and hidden inside the HTML or PHP page. It is used to create an iframe to distribute malware hidden to the end user. In some cases it hides the content inside the "<body onload" or sometimes just as a plain javascript entry.

Domains used:


94.63.240.145
sausagesments.com
zirycatum.com
numudozaf.com
http://cubyfonizi.com/k985ytv.htm

Affecting: Any web site. It uses stolen FTP passwords to compromises the site (similar to Gumblar).

Clean up: Request support here (or sign up here).

Malware dump: