SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware-entry-mwjs613


Description: Encoded javascript included and used to distribute malware. It calls a malicious iframe once loaded. Also known as "HTTP Malicious Toolkit Variant Activity 12", the "createCSS" malware and a few others.

Very similar to MW:JS:612, but this one uses external intermediaries to load the malware (/js.php, /count.php, /facebookphp, /showthread.php, etc). Also detected as MW:IFRAME:HD421.

Domains used:

Affecting: Any web site (no traffic specified)

Clean up: Contact b></b for help or request a malware clean here:

Malware dump:

function createCSS ( selector,d eclaration){var ua=navigator.userAgent.toLowerCase();v..

Full sample: