Known javascript malware SEO Spam with JS:HideLink-A [Trj]

Trojans detected:
Object: htxp://cuic.uum.edu.my/
SHA1: b5f572009f28343c440e2cfb497182c6bf818856
Name: TrojWare.JS.Agent.caa aka avast detects as JS:HideLink-A [Trj]
htxp://cuic.uum.edu.my/JSTAG_4[cc33][1a6] infected with JS.Redirector.246 according to DrWeb

 t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}dnnViewState();

via autson slideshow, inoweb skitter? pr similar kind of Joomla extensions
List of blacklisted external links: 71
Outdated software: Joomla Version 2.5.4 found at: htxp://cuic.uum.edu.my/administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 2.5.26 or 3.3.5
Outdated Web Server Apache Found: Apache/2.2.15

See: https://www.virustotal.com/nl/ip-address/103.5.180.158/information/

polonus

Interesting, because it’s a Malaysian Education site. You’d think the Government (Presumably who controls the site) would have more control and keep tabs on it! My school webmaster does better then this!

Well, kind of :slight_smile:

Would be interesting to see what they would say if we reported it?

Avast! doesn’t detect!