Iframe Bigdeal777(dot)com Mass Infection

Posted by admin on Tuesday, January 31st, 2012 | 6,145 views

Internal honeypots have reported a lot of websites infected with a hidden and malicious iframe code that is added at the end of the HTML tag or before the BODY tag of the page, the malicious iframe looks like this:

Download the iframe code (pass is novirusthanks.org):

iframe.zip / 1 KB

Here is a small list of websites infected with this malicious code:

angelofdeath .pl
megavid .pl
invertus .lt
gelincikgiyim .de
ganacarne .com
strekowagora .cba .pl
nurevi .net
bijoux-fantaisie-online .com
f4c-test .1gb .ru
die-baurs .info
trenuje24 .pl
satalbak .com

Details about the malicious domain:

Website: bigdeal777 .com
Domain Hash: c87366528f961835580ae7c78f4a8903
IP Address: 178.63.141.211
IP Hostname: static.211.141.63.178.clients.your-server.de
IP Country: -- (--)
AS Number: 24940
AS Name: HETZNER-AS Hetzner Online AG RZ
Organization: serveradmin.pl S.C.

URLVoid report:

http://www.urlvoid.com/scan/bigdeal777.com

Posted by admin on Tuesday, January 31st, 2012 at 1:48 pm and filed under Security News with tags bigdeal777.com, exploit, gate.php iframe, iframe bigdeal777. You can skip to the end and leave a response. Pinging is currently not allowed.