SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. mwjs-applet-inject35

mwjs-applet-inject35

Description:

A malicious applet remote include was identified. It is sometimes encoded with javascript to hide the fact that an applet call is present. Loads malware from multiple sources:

It loads malware from multiple sources:


http://serviceandmessage.com/33256.jar
 (and many other domains).

This is used to load malware from external web sites while not being visible to the user.

Affecting:

Any web site

Clean up:

This malware is generally hidden on .js or .php files without heavy encoding.

 

Malware dump (sample of malware):