SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwjsiframe213

malware-entry-mwjsiframe213

Description:

An encoded javascript was found inside the site content and and it is being used to hide an iframe call to a site distributing malware.

 
Any user visiting the infected site could be compromised. Some desktop antivirus will flag it as Troj/Iframe-DQ, Trojan/Script.Gen, HEUR:Trojan.Script.Iframer and others, depending on the intermediary domains and AV product (this malware has a low detection rate - 4 out of 43 on virus total).

 

Domains used in this attack:


http://shersby.net/sTDS/go.php?sid=1
http://port-script.com/void.php?page=3ee6c062e8e5f269
(and many others)

Affecting:

Any web site (no specific target).

 

Clean up:

This malware is generally hidden at the bottom of the .html or PHP files. Sign up here to get the site clean up: Signup

 

Malware dump (sample of malware):