Malware entry: MW:IFRAME:ENC1560

Description:

A hidden and dangerous iframe was identified. It loads content from remote web sites in attempt to exploit a specific browser vulnerability. In some variations, the browser is redirected to blackhat seo spam sites. It is also known as “Exploit:HTML/IframeRef.AA” by some anti virus products.

 
Note that every PHP, HTML and JS file gets compromised by this malware.

 
Affecting: Any web site. Often on outdated WordPress, Joomla and osCommerce sites.

Clean up: You can also sign up with us and let our team remove the malware for you.

 
Loads malware from multiple sources:

http://tds83.1dumb.com/stds/go.php?sid=1
http://pokosa.com/tds/go.php?sid=1
(and many other domains).

 

Malware dump (sample of malware):

More information: Malware entry: MW:IFRAME:ENC1560

Story added 11. March 2012, content source with full text you can find at link above.