Sucuri SiteCheck – Web Malware Distribution – March 2012

Apologies for not posting stats for February. We were making some internal changes which delayed the process and skewed the data. Regardless, here are the latest stats for March.

Note: This information is based on infections found using our FREE scanner, SiteCheck. It does not include infections found via our internal monitoring service.

This illustration shows the top 26 infections identified via our signatures:

The top three infections for the month came from the following signatures:

Malware Entry: MW:ANOMALY:SP8

Description: A suspicious block of javascript or iframe code was identified. It loads  (possibly malicious) code from external web sites. It was was detected by our anomaly behaviour engine. These types of code are often used to distribute malware from external web sites while not being visible to the user.

Malware Entry: MW:HTA:7

Description: This attack uses the .htaccess file to redirect users to a site serving malware (or spam). In some cases, the index.php is also modified to do the redirection as well.

Malware Entry: MW:JS:160

Description: This malware infects a web site through a compromised desktop (with virus), where it steals any stored password from the FTP client and uses that to attack the site.

Note that every PHP, HTML and JS file can get compromised by this malware. On some variations of this attack, it is also compromised through vulnerable versions of Timthumb/WordPress.

Some anti virus programs will flag this type of malware (after infecting a computer) as Blackhole Exploit kit or similar names.


If you have questions, let us know in the comments below. Or feel free to send us an email – info@sucuri.net

Scan your website for free:
About Tony Perez

I'm a technologist with a passion for the Information Security domain. I am especially interested in malware reverse engineering, incident handling and response as well as offensive counter measures. Catch my personal rants on tonyonsecurity.com and follow on twitter at perezbox.