Monday, April 8, 2013

Hidden iframe loads malicious php

Hidden iframe to malicious domain

Background

Online Website Malware Scanner has detected malicious hidden iframe in the scanned website. Invisible to user, malicious iframe downloads content from remote malware distributor. This infected website hosts 3 injected files. 

Malicious action

Malicious iframes are often used to distribute malware hosted on external web resources(websites).

Website malware scanner report

Submission date: Sun Apr 7 18:59:14 2013
Infected website's files: 3
Website malware scan report link: http://goo.gl/wgttZ


Website malware scan report





























Threat dump:

Malicious redirect





Blacklisting status


The website is Malicious on Yandex.

http://www.yandex.com/infected?url=netesai.com&l10n=en


Yandex blacklisting status


Malware clean-up


Such malware is often hidden inside the JavaScript file. This specific code is very easy to locate and to remove. Look for "visibility:hidden" and/or "height:[very-small-value]", "width:[very-small-value]" in your website files.  See whether the "invisible" mark-up is not suspicious (in case it was not created by you).

If you suspect that your website was infected by similar malware please use Website Anti-malware Monitoring for remediation assessment.