Malware Entries
Get the scoop on Malware
A journal of various malware entries
Malware entry: MW:JS:JJ677
Description: A suspicious and encoded javascript was found. It used the jjencoder to hide its content, but we detected a hidden call that loads content from remote web sites in an attempt to exploit a specific browser vulnerability. Note that …
Malware entry: MW:IFRAME:ENC1560
Description: A hidden and dangerous iframe was identified. It loads content from remote web sites in an attempt to exploit a specific browser vulnerability. In some variations, the browser is redirected to blackhat SEO spam sites. It is also known as …
Malware entry: MW:BLACKLISTED:35
Description: Suspicious code was identified loading content from a blacklisted domain. Examples of such domains include: abcdecorez.cx.cc, kokosina.in, www.ironydon.co.cc, solid-success.in, ewinarfm.co.be, companyairline.ru, broadway.bee.pl, search-box.in, fairbankhouston.cz.cc, secondon.in, aht-textile.ru, hhwsdfhshds.co.cc, and many others. Those types of code are often used to distribute …
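As an added example (it is not code from this journal or from the page's authors), the following Python scans a page for the two things the last two entries describe: iframes hidden by zero- or one-pixel dimensions or by CSS, and iframe or script sources whose host is on a blacklist. The blacklist holds the domains listed above; the HTML sample, including the example.org iframe, is constructed for the demo.

```python
import re
from urllib.parse import urlparse

# Domains copied from the MW:BLACKLISTED:35 entry above.
BLACKLIST = {
    "abcdecorez.cx.cc", "kokosina.in", "www.ironydon.co.cc", "solid-success.in",
    "ewinarfm.co.be", "companyairline.ru", "broadway.bee.pl", "search-box.in",
    "fairbankhouston.cz.cc", "secondon.in", "aht-textile.ru", "hhwsdfhshds.co.cc",
}

# Constructed sample page (not a real capture): one legitimate embed, two hidden
# iframes and one remote script loader.
SAMPLE_HTML = """
<html><body>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
<iframe src="http://abcdecorez.cx.cc/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<div style="position:absolute;left:-5000px"><iframe src="http://example.org/x.html" width="0" height="0"></iframe></div>
<script type="text/javascript" src="http://search-box.in/js/stat.js"></script>
</body></html>
"""

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.I)
SCRIPT_RE = re.compile(r"<script\b([^>]*)>", re.I)
ATTR_RE = re.compile(r"([\w-]+)\s*=\s*[\"']?([^\"'\s>]+)")
HIDING_CSS_RE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d", re.I)


def _attrs(tag_body: str) -> dict:
    """Crude attribute parser for a single tag's attribute string."""
    return {k.lower(): v for k, v in ATTR_RE.findall(tag_body)}


def _dim(value):
    """Parse '0', '1px' or '100%' into an int (None when absent or unparseable)."""
    m = re.match(r"\d+", value or "")
    return int(m.group()) if m else None


def is_hidden(attrs: dict) -> bool:
    """True for iframes sized <= 1px in either dimension or hidden via inline CSS."""
    w, h = _dim(attrs.get("width")), _dim(attrs.get("height"))
    if (w is not None and w <= 1) or (h is not None and h <= 1):
        return True
    return bool(HIDING_CSS_RE.search(attrs.get("style", "")))


def scan(html: str, blacklist=BLACKLIST):
    """Return (tag, host, reasons) for every suspicious iframe or script src."""
    findings = []
    for tag, regex in (("iframe", IFRAME_RE), ("script", SCRIPT_RE)):
        for m in regex.finditer(html):
            attrs = _attrs(m.group(1))
            src = attrs.get("src")
            if not src:
                continue
            host = (urlparse(src).hostname or "").lower()
            reasons = []
            if tag == "iframe" and is_hidden(attrs):
                reasons.append("hidden")
            if host in blacklist:
                reasons.append("blacklisted")
            if reasons:
                findings.append((tag, host, reasons))
    return findings


if __name__ == "__main__":
    for tag, host, reasons in scan(SAMPLE_HTML):
        print(f"{tag:6} {host:25} {', '.join(reasons)}")
```

The size check matters as much as the blacklist: an injected iframe pointing at a domain not yet on any list still shows up because it is 1x1 or pushed off-screen, which is the common shape of the MW:IFRAME entries in this journal.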
Backdoor: PHP:PREG_REPLACE:EVAL
Description: We detected malicious code hidden under a preg_replace() call with the “e” modifier, which evaluates the replacement string as PHP code and so acts as an eval call (the modifier was removed in PHP 7.0, but still works on the older PHP versions these sites run). It is often used to bypass simple detection methods that only look for the “eval(” string itself. Use: Hide …
Backdoor: PHP:C99:045
Description: We detected the “C99” backdoor, which allows attackers to manage (and reinfect) your site remotely. It is often used as part of a compromise to maintain access to the hacked site. Affecting: Any web site (often through outdated WordPress, …
Backdoor: PHP:R57:01
Description: We detected the “R57” backdoor, which allows attackers to access, modify and reinfect your site. It is often hidden in the filesystem and hard to find without access to the server or its logs. Affecting: Any web site (common on …
Backdoor: PHP:EVAL:GZINFLATE:B64
Description: We detected highly encoded (and malicious) code hidden under a loop of gzinflate/gzuncompress/base64_decode calls. Once decoded, it is passed to an eval call that executes it. Affecting: Any web site (often through outdated WordPress, Joomla, vBulletin, osCommerce and …
Backdoor: PHP:GENERIC:07
Description: We detected a generic backdoor that allows attackers to upload files, delete files, and access, modify and/or reinfect your site. It is often hidden in the filesystem and hard to find without access to the server or its logs. It also …
Backdoor: PHP:WEBSHELL:03
Description: We detected a generic web shell (backdoor) that allows attackers to access, modify and reinfect your site. It is often hidden in the filesystem and hard to find without access to the server or its logs. Affecting: Any web site …
Backdoor: PHP:Filesman:02
Description: We detected the “Filesman” backdoor, which allows attackers to access, modify and reinfect your site. It is often hidden in the filesystem and hard to find without access to the server or its logs. Affecting: Any web site (often through …
Malware entry: MW:JS:6525
Description: We detected an iframe or javascript that loads the Phoenix Exploit Kit to compromise anyone visiting the web site. This type of malware is generally heavily encoded and hidden in javascript files or at the top of the HTML/PHP/ASP …
Malware entry: MW:JS:160
Description: This malware infects a web site through a compromised (virus-infected) desktop: the virus steals any stored passwords from the FTP client and uses them to attack the site. Note that every PHP, HTML and JS file can get …
Malware entry: MW:IFRAME:HD567
Description: A hidden and malicious iframe was identified. This malware infects a web site through a compromised (virus-infected) desktop: the virus steals any stored passwords from the FTP client and uses them to attack the site. Note that every …
Malware entry: MW:JS:62313
Description: A malicious javascript file was found inside the site content and is being used to distribute malware. Any user visiting the infected site could be compromised (desktop antivirus will flag it as Blackhole Exploit Kit, JS:Cruzer-B …
Malware entry: MW:JS:69693
Description: Malicious javascript code was identified. It has been used on many compromised WordPress sites to redirect visitors to multiple exploit kits (Blackhole, etc.). Note that every javascript file gets compromised by this malware (in addition to backdoors …
Malware entry: MW:ANOMALY:SP8
Description: A suspicious block of javascript or iframe code was identified. It loads (possibly malicious) code from external web sites that we could not properly identify. Those types of code are often used to distribute malware from external web …
PHP Error: Eval code errors
Description: This error happens when your PHP scripts generate errors while trying to decode multiple (hidden) eval calls in a loop. It generally happens when the site is compromised by a script injection (or backdoor) that is causing the site …
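As an added example (not from the page), the following Python triages a PHP error log for the errors this entry describes. PHP reports an error raised inside a string passed to eval() as "<file>(<line>) : eval()'d code", and that file and line are where the eval() call itself sits, so they point straight at the injected code. The log lines, paths and timestamps are constructed for the demo.

```python
import re
from collections import Counter

# Constructed php error log (paths and timestamps are invented for the demo).
SAMPLE_LOG = """\
[12-Mar-2012 10:14:02] PHP Notice:  Undefined index: q in /var/www/html/index.php on line 31
[12-Mar-2012 10:14:05] PHP Parse error:  syntax error, unexpected '}' in /var/www/html/wp-content/themes/twentyten/footer.php(9) : eval()'d code on line 1
[12-Mar-2012 10:14:09] PHP Warning:  gzinflate(): data error in /var/www/html/wp-includes/default-filters.php(3) : eval()'d code on line 1
[12-Mar-2012 10:14:11] PHP Warning:  gzinflate(): data error in /var/www/html/wp-includes/default-filters.php(3) : eval()'d code on line 1
"""

# PHP labels errors from eval'd strings as "<file>(<line>) : eval()'d code";
# <line> is the line of the eval() call in <file>, not a line of the string.
EVAL_SITE_RE = re.compile(r" in (?P<file>\S+?)\((?P<line>\d+)\) : eval\(\)'d code")


def eval_error_sites(log: str) -> dict:
    """Map (file, line of the eval() call) -> number of errors raised from it."""
    counts = Counter()
    for entry in log.splitlines():
        m = EVAL_SITE_RE.search(entry)
        if m:
            counts[(m.group("file"), int(m.group("line")))] += 1
    return dict(counts)


if __name__ == "__main__":
    sites = eval_error_sites(SAMPLE_LOG)
    for (path, line), n in sorted(sites.items(), key=lambda kv: -kv[1]):
        print(f"{n:3}x  {path}:{line}")
```

A gzinflate() data error inside eval()'d code, as in the sample, is the signature of a decode loop whose payload was corrupted or only partially injected; the file and line it names is the first place to look for the injection.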
Malware entry: MW:IFRAME:HD564
Description: A hidden and malicious iframe was identified. This malware infects a web site through a compromised (virus-infected) desktop: the virus steals any stored passwords from the FTP client and uses them to attack the site. Note that every …
Malware entry: MW:JS:IFRAME213
Description: Encoded javascript was found inside the site content and is being used to hide an iframe call to a site distributing malware. Any user visiting the infected site could be compromised. Some desktop antivirus will …
Malware entry: MW:JS:2370
Description: Malicious (and encoded) javascript code was found inside the site content and is being used to distribute malware (from neraller.net and other domains). Any user visiting the infected site could be compromised (desktop antivirus will flag it as …