SiteCheck Signatures

  1. Home
  2. Docs
  3. SiteCheck Signatures
  4. malware-entry-mwjsiframe781


Description: Conditional malware identified and hidden inside an encoded javascript block. It is used to hide an iframe used for a Fake AV campaign.
Domains involved:
.. others within (randomly generated)

Affecting: Common on Vbulletin sites.

Latest update: 2013/Jun

Malware dump:

document.write(String. fromCharCode('>uv{ng@0vnnt:nq"}"rqukvkqp..