Updated: August 9, 2010

The malware places malicious JavaScript into a website's web pages and or JavaScript files that access malware located on either,,,, or We contacted the hosting provider for those malicious websites and they were disabled at approximately 3PM MDT on August 6. On August 8, the DNS service for the domains was shut down following our contact with their provider. Until new hosting is found the malware will not be infectious. To clean the website, the website needs to be reverted to a clean backup or the malicious code needs to be removed from the web pages and or JavaScript files. The malware has been infecting websites hosted with Media Temple and Rackspace.

Recent Script Format On Web Pages:

Recent Script Format On JavaScript Files: