SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. mw-javascript-check2

mw-javascript-check2

Description: A remote javascript include call was detected and used to redirect the browser to a malware Check.php file.

We are seeing this malware very often on outdated WordPress sites and hosts using vulnerable Plesk.

Some domains being used to distribute malware:


http://andws.com.br/ti/Check.php

Affecting: Any web site (no specific target).

Clean up: Malware is hidden at the index.php or index.html files.

Malware dump: