SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. mw-redir-fakeav533

mw-redir-fakeav533

Description: A conditional redirection (Blackmuscats) was detected on the web site, sending users to a domain pushing the Fake V to anyone visiting the compromised site.

This is a very common malware infecting thousands of sites (Jul/Aug 2012).

Updates in names being used: https://labs.sucuri.net/?note=2012-08-02

Some of the domains being used:


http://my-supas.ru/blackmuscats?5
http://my-supa.ru/blackmuscats?5
http://supa-web.ru/blackmuscats?5
http://my-supas.ru/blackmuscats?5
http://moisupas.ru/blackmuscats?5
http://moi-supas.ru/blackmuscats?5
http://mysupas.ru/blackmuscats?5
http://moi-supa.ru/blackmuscats?5
http://my-supa.ru/blackmuscats?5
http://supa-web.ru/blackmuscats?5
http://nashi-fitnes.ru/azebrise/niklas.php
.. many more domains..

Affecting: Any web site (no specific target).

Clean up: Malware is hidden at the index.php or index.html files.

Malware dump: