SiteCheck Signatures

mwjs-iframe-injected501

Description: A remote, malicious iframe was identified. It is used to load malware from external web sites. Some details here: New Web Malware Attacks Using .Ru/In.CGI?16, and here: Distributed Malware Network Outbreak Using Stats.php.

This is very common malware, infecting thousands of sites (Jun/Jul 2012). Some of the domains being used:


govtds27.co.cc/tds/in.cgi?defaul
http://purplebeetle.ru/in.cgi?16
http://orangeroller.ru/in.cgi?16
http://hochuinter.ru/in.cgi?8
http://expertinter.ru/in.cgi?8

Those links lead to multiple exploit kits affecting desktop (Windows) users.

Affecting: Any web site (no specific target).

Clean up: The malware is hidden in the index.php or index.html files.
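A check for this pattern in a site's index page, as an added example that is not part of the original signature or SiteCheck's own logic: it parses the page markup and reports iframes whose source is on another host and points at an in.cgi script with a query string, the URL shape listed above. The function name, the sample markup and the hosts in it are constructed, and the check assumes the iframe appears in plain markup (run it on the served page output if the file itself is obfuscated).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# URL shape taken from the domains listed on this page (".../in.cgi?16").
TDS_PATH = re.compile(r"/in\.cgi$", re.IGNORECASE)


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def suspicious_iframes(html, site_host):
    """Return iframe sources that are remote and target an in.cgi?<id> script."""
    collector = IframeCollector()
    collector.feed(html)
    hits = []
    for src in collector.sources:
        # A scheme-less "host/path" value (like the first listed entry) is
        # treated as a host; a value starting with "/" is a local path.
        if "//" not in src and not src.startswith("/"):
            url = urlsplit("//" + src)
        else:
            url = urlsplit(src)
        remote = url.hostname and url.hostname.lower() != site_host.lower()
        if remote and TDS_PATH.search(url.path) and url.query:
            hits.append(src)
    return hits


# Constructed sample page: one benign remote embed, one hidden iframe in the
# in.cgi?N shape, one same-site relative link that must not be reported.
SAMPLE = """<html><body><h1>Welcome</h1>
<iframe src="https://maps.example.net/embed?x=1"></iframe>
<iframe src="http://tds.example.test/in.cgi?16" width="1" height="1"></iframe>
<iframe src="/in.cgi?2"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(suspicious_iframes(SAMPLE, "www.example.org"))
```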

Malware dump: