SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware-entry-mwrks4

malware-entry-mwrks4

Description: Code used to insert a malicious javascript into many
sites hosted at Rackspace and Mediatemple. This javascript is decoded to load iframes
from multiple web sites (eg. http://div.electronicscommission.com/in.cgi?2, etc).

Infection: It infects a javascript file to only load malware to IE users. The following backdoors are being used:
http://sucuri.net/?page=tools&title=blacklist&detail=59848d99216e36195cdb6ddf945bb478
http://sucuri.net/?page=tools&title=blacklist&detail=a256e28126fa92d2b26dcc86dcbed379

Clean up: Contact support@sucuri.net for help.

Malware dump:document.write('<script type="text/javascript" src="/wp-cont...