SiteCheck Signatures


malware-entry-mwjs611

Description: Remote JavaScript (or an iframe) is included to load malware from external web sites. Multiple domains are used as intermediaries.


The intermediary URLs lead to "Fake AV" and other desktop viruses (affecting Windows users) / SutraTDS / traffic redistribution systems.

Affecting: Any web site (no specific target).

Clean up: The malware is hidden in the index.php or index.html files.

Malware dump: