mwjs-encoded-spam1 - Sucuri Labs

Description: An encoded and malicious javascript block was detected on thesite. It is used to hide a SEO Spam redirection, pushing users to spammy domains (pharma hack).

<br /> <a href="http://medicarepillsgroup.com"><a href="http://medicarepillsgroup.com"><a href="http://medicarepillsgroup.com"><a href="http://medicarepillsgroup.com"><a href="http://medicarepillsgroup.com"><a href="http://medicarepillsgroup.com"><a href="http://medicarepillsgroup.com"><a href="http://medicarepillsgroup.com">http://medicarepillsgroup.com</a></a></a></a></a></a></a></a><br /> .. many others ..<br /> </code></pre> </p> <p><b>Affecting:</b> Any web site.</p> <p><b>Clean up:</b> Malware is hidden at the index.php or index.html files.</p> <p><b>Last update:</b> 2013/Jun</p> <p><b>Malware dump:</b><br /> <br /><textarea rows="3" cols="70"><br /> lcf1=[108,114,110,119,110,109,116,111,112,105,110,99,47 ..<br /> ..String.fromCharCode(lcf1[baz5]);}}<br /> ..window.location=ncg3;<br /> </code></pre></p> </div> <footer class="entry-footer wedocs-entry-footer"> <div class="wedocs-article-author" itemprop="author" itemscope itemtype="https://schema.org/Person"> <meta itemprop="name" content="Rodrigo Escobar" /> <meta itemprop="url" content="https://labs.sucuri.net/author/rodrigo-escobar/" /> </div> <meta itemprop="datePublished" content="2019-05-16T00:00:00+00:00"/> <time itemprop="dateModified" datetime="2020-07-25T12:27:24+00:00">Updated on July 25, 2020</time> </footer> <nav class="wedocs-doc-nav wedocs-hide-print"><h3 class="assistive-text screen-reader-text">Doc navigation</h3><span class="nav-prev"><a href="https://labs.sucuri.net/signatures/sitecheck/mwjs-encoded-text-enhance/">← mwjs-encoded-text-enhance</a></span><span class="nav-next"><a href="https://labs.sucuri.net/signatures/sitecheck/mwjs-iframe-hidden-push2/">mwjs-iframe-hidden-push2 →</a></span></nav> </article> </div> </div> </main></div> </div> <footer id="colophon" class="site-footer"> <div class="site-info"> <a href="https://wordpress.org/"> Proudly powered by WordPress </a> <span class="sep"> | </span> Theme: sucurikb by <a href="http://underscores.me/">Underscores.me</a>. </div> </footer> </div>  <footer id="sucuri-docs-footer"> <div class="sucuri-docs-footer-container"> <div class="grid-container"> <div class="grid-x grid-margin-x"> <div class="cell large-2"> <p class="sucuri-docs-footer-menu-heading">PRODUCTS</p> <div class="menu-products-container"><ul id="menu-products" class="menu"><li id="menu-item-595" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-595"><a href="https://sucuri.net/website-firewall/">Website Firewall</a></li> <li id="menu-item-596" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-596"><a href="https://sucuri.net/website-security-platform/">Website Antivirus</a></li> <li id="menu-item-597" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-597"><a href="https://sucuri.net/website-backups/">Website Backups</a></li> <li id="menu-item-598" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-598"><a href="https://sucuri.net/wordpress-security/">WordPress Security</a></li> <li id="menu-item-599" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-599"><a href="https://sucuri.net/custom/enterprise/">Enterprise Services</a></li> </ul></div> </div> <div class="cell large-2"> <p class="sucuri-docs-footer-menu-heading">SOLUTIONS</p> <div class="menu-solutions-container"><ul id="menu-solutions" class="menu"><li id="menu-item-606" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-606"><a href="https://sucuri.net/website-firewall/ddos-protection">DDoS Protection</a></li> <li id="menu-item-607" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-607"><a href="https://sucuri.net/website-security-platform/malware-scanning-and-detection">Malware Detection</a></li> <li id="menu-item-608" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-608"><a href="https://sucuri.net/website-security-platform/malware-removal">Malware Removal</a></li> <li id="menu-item-609" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-609"><a href="https://sucuri.net/website-firewall/stop-website-attacks-and-hacks">Malware Prevention</a></li> <li id="menu-item-610" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-610"><a href="https://sucuri.net/website-security-platform/blacklist-removal-and-repair">Blacklist Removal</a></li> </ul></div> </div> <div class="cell large-2"> <p class="sucuri-docs-footer-menu-heading">SUPPORT</p> <div class="menu-support-container"><ul id="menu-support" class="menu"><li id="menu-item-600" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-600"><a href="https://blog.sucuri.net/">Blog</a></li> <li id="menu-item-601" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-601"><a href="https://kb.sucuri.net/">Knowledge Base</a></li> <li id="menu-item-602" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-602"><a href="https://sitecheck.sucuri.net/">SiteCheck</a></li> <li id="menu-item-603" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-home menu-item-603"><a href="https://labs.sucuri.net/">Research Labs</a></li> <li id="menu-item-604" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-604"><a href="https://sucuri.net/faq">FAQ</a></li> <li id="menu-item-605" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-605"><a href="https://abuse.sucuri.net/">Report Abuse</a></li> </ul></div> </div> <div class="cell large-2"> <p class="sucuri-docs-footer-menu-heading">COMPANY</p> <div class="menu-company-container"><ul id="menu-company" class="menu"><li id="menu-item-611" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-611"><a href="https://sucuri.net/company">About</a></li> <li id="menu-item-612" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-612"><a href="https://sucuri.net/company/media">Media</a></li> <li id="menu-item-613" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-613"><a href="https://sucuri.net/company/events">Events</a></li> <li id="menu-item-614" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-614"><a href="https://sucuri.net/company/employment">Employment</a></li> <li id="menu-item-615" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-615"><a href="https://sucuri.net/company/contact-us">Contact</a></li> <li id="menu-item-616" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-616"><a href="https://sucuri.net/customers/">Testimonials</a></li> </ul></div> </div> <div class="cell large-4 text-center"> <div class="footer-social-icons"> <ul class="list-inline"> <li class="list-inline-item"><a class="p-ft-social-fb" href="https://www.facebook.com/SucuriSecurity" target="_blank" rel="noopener noreferrer"><i class="social-icon facebook"></i></a></li> <li class="list-inline-item"><a class="p-ft-social-tw" href="https://twitter.com/sucurisecurity" target="_blank" rel="noopener noreferrer"><i class="social-icon twitter"></i></a></li> <li class="list-inline-item"><a class="p-ft-social-ld" href="https://www.linkedin.com/company/899487" target="_blank" rel="noopener noreferrer"><i class="social-icon linkedin"></i></a></li> <li class="list-inline-item"><a class="p-ft-social-ig" href="https://www.instagram.com/sucurisecurity/" target="_blank" rel="noopener noreferrer"><i class="social-icon instagram"></i></a></li> </ul> </div> <div> <p><a href="https://dashboard.sucuri.net/login/" class="btn login mp-ft-login auto-track" data-gatrack="Button_Click, Footer_Login">Customer Login</a></p> </div> <div class="footer-logo-wrapper"> <a href="/" class="footer-logo"></a> </div> </div> </div> </div> <div class="grid-container sucuri-docs-footer-b"> <hr> <div class="grid-x grid-margin-x"> <div class="cell medium-8 large-8"> <ul class="list-inline unstyled-list"> <li class="list-inline-item"><a class="mp-ft-copyright-terms auto-track" data-gatrack="Button_Click, Footer_Terms_Of_Use" href="/terms-of-service">Terms of Use</a></li> <li class="list-inline-item"><a class="mp-ft-copyright-priv auto-track" data-gatrack="Button_Click, Footer_Privacy_Policy" href="/privacy-policy">Privacy Policy</a></li> <li class="list-inline-item"><a class="mp-ft-copyright-faq auto-track" data-gatrack="Button_Click, Footer_FAQ" href="/faq">Frequently Asked Questions</a></li> </ul> </div> <div class="cell medium-4 large-4 copyright text-center"> <p>© 2020 Sucuri Inc. All rights reserved.</p> </div> </div> </div> </div> </footer> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/plugins/wedocs/assets/js/anchor.min.js?ver=1.6.2' id='wedocs-anchorjs-js'></script> <script type='text/javascript' id='wedocs-scripts-js-extra'> /* <![CDATA[ */ var weDocs_Vars = {"ajaxurl":"https:\/\/labs.sucuri.net\/wp-admin\/admin-ajax.php","nonce":"a64f6df5ea","style":"https:\/\/labs.sucuri.net\/wp-content\/plugins\/wedocs\/assets\/css\/print.css","powered":"\u00a9 Sucuri Labs, 2023. Powered by weDocs<br>https:\/\/labs.sucuri.net"}; /* ]]> */ </script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/plugins/wedocs/assets/js/frontend.js?ver=1599764082' id='wedocs-scripts-js'></script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/themes/sucurikb/js/navigation.js?ver=20151215' id='sucurikb-navigation-js'></script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/themes/sucurikb/js/skip-link-focus-fix.js?ver=20151215' id='sucurikb-skip-link-focus-fix-js'></script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/themes/sucurikb/js/foundation.min.js?ver=0.1' id='foundation-js-js'></script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/themes/sucurikb/js/custom.js?ver=0.1' id='sucuri-wp-custom-js-js'></script> <script id="module-flowchart"> (function($) { $(function() { if (typeof $.fn.flowChart !== "undefined") { if ($(".language-flow").length > 0) { $(".language-flow").parent("pre").attr("style", "text-align: center; background: none;"); $(".language-flow").addClass("flowchart").removeClass("language-flow"); $(".flowchart").flowChart(); } } }); })(jQuery); </script> <script id="module-prism-line-number"> (function($) { $(function() { $("code").each(function() { var parent_div = $(this).parent("pre"); var pre_css = $(this).attr("class"); if (typeof pre_css !== "undefined" && -1 !== pre_css.indexOf("language-")) { parent_div.addClass("line-numbers"); } }); }); })(jQuery); </script> </body> </html>

SiteCheck Signatures