SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware-entry-mwjsiframe213



An encoded javascript was found inside the site content and and it is being used to hide an iframe call to a site distributing malware.

Any user visiting the infected site could be compromised. Some desktop antivirus will flag it as Troj/Iframe-DQ, Trojan/Script.Gen, HEUR:Trojan.Script.Iframer and others, depending on the intermediary domains and AV product (this malware has a low detection rate - 4 out of 43 on virus total).


Domains used in this attack:
(and many others)


Any web site (no specific target).


Clean up:

This malware is generally hidden at the bottom of the .html or PHP files. Sign up here to get the site clean up: Signup


Malware dump (sample of malware):