Updated: December 30, 2010
The umniktds.ws malware places code and an additional file on website that causes the websites to intermittently redirect to malware. Code is placed in .php files which, when the file is requested in requests another file placed on the website, most often named style.css.php or copper.php, that contains the code that causes the redirect. The folder containing the style.css.php file will also contain other files used in the hack. The malware has so far caused websites to redirect to umniktds.ws, smarttds.ws, or razumtds.ws. We have contaced the domain name register and hoster of the websites about the issue.
Recent Code placed in .php files:
Recent Code placed in style.css.php files: