Description: A remote JavaScript include call was detected; it is used to redirect the browser to a malicious Check.php file.
We are seeing this malware very often on outdated WordPress sites and on hosts running vulnerable Plesk installations.
Some domains being used to distribute malware:
http://andws.com.br/ti/Check.php
Affecting: Any web site (no specific target).
Clean up: The malware is hidden in the index.php or index.html files.
Malware dump: