SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware-entry-mwjsdepack


Description:Encoded javascript using a packer by Dean Edwards. This packer can be used on legitimate applications, but is often deployed by attackers to hide their scripts.

In this case we found it to hide remote javascript/iframe calls to malicious web sites (very common on WordPress sites compromised via the timthumb.php vulnerability).


Domains distributing malware:
(and many more)...

Affecting: Any web site (no specific target).


Malware dump: