What malware is this unknown_html_RFI_eval here...

See: http://www.virustotal.com/url-scan/report.html?id=f16c00ce29eca8b77381b0796b769361-1325099988
Bitdefender flags the site…
Blacklisted here: http://siteinspector.comodo.com/public/reports/show_log?id=39866
suspicious here: http://urlquery.net/report.php?id=13763
Nothing found here: http://www.virustotal.com/file-scan/report.html?id=841254b09789afc0350b16ab99310beb6b6968e2ec871fc1eab2c9b854f6175e-1325103597
and here: http://vscan.urlvoid.com/analysis/5151f0a5bf70b8ff3e3c16206a775bea/bXlpZC1waHA=/
Sucuri finds three instances of malware:

Malware found on javascript file:
-http://computationalcenter.com.ar/images/myid.php/404javascript.js
Known javascript malware.
Details: http://sucuri.net/malware/malware-entry-mwback451

Malware found in the URL:
-http://computationalcenter.com.ar/images/myid.php
Known javascript malware.
Details: http://sucuri.net/malware/malware-entry-mwback451

Malware found in the URL:
-http://computationalcenter.com.ar/images/myid.php/404testpage4525d2fdc
Known javascript malware.
Details: http://sucuri.net/malware/malware-entry-mwback451

But I get a failure: <urlopen error [Errno -3] Temporary failure in name resolution>
but see this: -http://jsunpack.jeek.org/?report=ba0f6231e80537c4229f503e5685756c9235072e
Only for the security savvy, with ample script protection and on a VM…

polonus

Comparison

Comparison In Detail

Read up about this malcode. (Thanks for the link Polonus)
[b]http://redleg-redleg.blogspot.com/p/example-of-backdoor-script.html[/b]

Backdoor Script:
PNG Format, as always

http://i795.photobucket.com/albums/yy238/Donovansrb10/ComputationalCenter-BackdoorVaiFormInput.png

Backdoor Vai Submit

Hi Donovansrb10,

Thanks, we now have an image of the backdoor script and a description of the malcode.
Hope avast can add detection for this “myid-php”- backdoor script malcode.
Bitdefender TrafficLight was the first and only extension to detect this page as unsafe, says “we detected elements that could harm your computer”, and we have now found out about what script element that is ;D

polonus

Your welcome! :wink: