SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. mwjs-evalunesc-wscripts

mwjs-evalunesc-wscripts

Description: An encoded javascript block was identified. After decoding it loads malware from http://www.wscripts.org/pop.js and other compromised domains.

Not many sites are infected with this variation. Main injected script:


http://www.wscripts.org/pop.js

Those links lead to multiple exploit kits affecting desktop (Windows) users.

Affecting: Any web site (no specific target).

Clean up: Malware is hidden at the index.php or index.html files.

Last update: Aug/2012

Malware dump: