Description: A suspicious iframe (malframe) was identified on the site. It is using a non-standard port and generally coming from another compromised server.
Very common injection during 2013 Sep/Oct. Some domains being used in the injection:
http://yrbynus.sytes.net:12601/classes/gentoo.php http://findersslicing.biz:7761/customer_login/ .. and many more..
Those are often used to redirect the browser to SEO spam sites via a TDS. .
Affecting: Any web site (no specific target).
Clean up: Nothing specific.
Last update: 2013/Oct