SiteCheck Signatures


malware-entry-mwoscom1

Description: Code used to insert malicious JavaScript into sites
using osCommerce. Loads malware from:

More details: http://blog.sucuri.net/2010/10/oscommerce-attacks-kirm-sky-ru.html

Most of the sites affected also had a few PHP files inserted inside the
/images folder, generally called inclasses.php or phpclasses.php.

Malware dump: