SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. mwjs-include-pmg

mwjs-include-pmg

Description: An unsafe javascript include call was identified in the site. It is used to load malware from the "/pmg.php?d=x" file for anyone visiting the site. Related to the .rr.nu campaign: Latest Mass Compromise of WordPress sites – More Details.

Thousands of sites were compromised with this type of malware. Some of the domains distributing malware:


http://ens122zzzddazz.com/pmg.php?d=x
http://aising32austral.rr.nu/pmg.php?dr=1
.. many others ..

Affecting: Any web site (most common on WordPress).

Clean up: Malware is hidden at the index.php or index.html files.

Last update: Aug/2012

Malware dump: