SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwjs817

malware-entry-mwjs817

Description: Javascript included and used to distribute malware on WordPress sites. Also known as the crazymasya.com or inlovebot malware.

Domains used: (all inside the 91.217.162.0/24 network):


http://crazymasya.com/vip.php?s=1
http://inlovebot.com/vip.php?s=1

Affecting: Any WordPress sites at Rackspace / Mediatemple

Clean up: Malware is not hidden and a search / replace should fix it. Contact b>support@sucuri.net if you have questions or want us to clean it up for you.

Malware dump:


function dyeSunk(khiWort,wortKhi){this.nudeDye=0.001;....