SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. mwjs-iframe-document-write3


A suspicious iframe was identified in the site. It it used to load malware from external PHP files in an attempt to infect anyone visiting the compromised site. The iframe is also hidden via javascript.

This is done to hide the original URL and make it harder for scanners to identify the malware.

Not very common type of malware. Some URLs:
.. a few more..

Those are often used to redirect the browser of anyone visiting the site to Fake AV (anti virus). However, since this is a generic rule, the malware can change from site to site.

Any web site (no specific target).

Clean up: Nothing specific.

Last update: 2013/Feb

Malware dump:

document.write (v50fe948d3db27("3C696672616D65206E616..