154 variables and multiple obfuscation levels used to generate hidden malicious iframe
On 5 May 2013 during scheduled monitoring of the customer website potentially suspicious content was detected on home page.
Malicious iframes are often used to distribute malware hosted on external web resources(websites).
Initial threatThe detection by Website Malware Monitoring & alerting service looked like this:
[[ unescape(ZQCtZ.replace(/qz/g,'3').replace(/vFQ%/g,'%')) ]]
The final code is: