Description:
A suspicious remote javascript include was identified. It was set in an non-standard place (before the <html> tag) and was used to distribute malware to someone visiting the infected web site.
Signature:
This is not a signature-based rule, but looks for anomaly behaviours that indicate the presence of malware. In this case, our engine found it to be malicious (related to drive-by downloads).
Affecting:
Any web site sites (no specific target)
Clean up:
This malware is generally hidden inside the PHP or ASP files. Sign up here to get it clean up: Signup
Malware dump (sample of malware):