What is the name of the trojan/exploit/malware being ho
by bravo585
8 months ago

Our website was recently hit by a web attack which utilized hidden iframe injections to redirect our customers to the malicious web-host’s website. The malware was being hosted by two sites cubanbigtop . cn, and mixgrouptravel . cn , which also infected hundreds of other websites around the world. Here are the Google diagnostic pages for them:
http://www.google.com/safebrowsing/diagnostic?site=cubanbigtop.cn/
http://www.google.com/safebrowsing/diagnostic?site=mixgrouptravel.cn/

See the line “Malicious software includes 5 trojan(s), 2 scripting exploit(s).”

My question is: What is the name of the malicious software being hosted by this website? We would like to know the name of the trojans/exploits so that we may know how to remove the malware from our computers.

Any help would be greatly appreciated!

Thanks in advance!
Jason

by SteveW
8 months ago

Jason, the best way to remove these is just to use an antivirus scanner. It will probably tell you the names, as well, of what it finds.

Although there are thousands if not millions of such malicious domains, some of them get discussed in blogs as associated with a particular type of exploit. Try a web search on each of the domains, such as:

cubanbigtop.cn gumblar OR martuz
mixgrouptravel.cn gumblar OR martuz

This page, a ways down, has links to various free online antivirus/antispyware scanners. For the actual removal, these are the way to go, not manual removal:
http://25yearsofprogramming.com/blog/20070705.htm
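
Added example, not part of either post above: a Python check a site owner could run over their own pages to locate the kind of hidden iframe described in the question. It assumes the injection is present in the files as a literal `<iframe>` tag (script-generated frames are not covered); `scan_html`, `own_host` and the sample page are constructed for illustration, and the watchlist holds the two domains named in the question.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains named in the question; extend with your own indicators.
WATCHLIST = {"cubanbigtop.cn", "mixgrouptravel.cn"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    """True for a width/height attribute of 0 or 1 (optionally with 'px')."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return bool(m) and int(m.group(1)) <= 1

class IframeFinder(HTMLParser):
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Relative URLs and frames served from our own site are not reported.
        if not host or host == self.own_host or host.endswith("." + self.own_host):
            return
        hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        listed = any(host == d or host.endswith("." + d) for d in WATCHLIST)
        if hidden or listed:  # visible frames to unlisted hosts are left alone
            self.findings.append({"line": self.getpos()[0], "host": host,
                                  "hidden": hidden, "listed": listed})

def scan_html(text, own_host):
    """Return one finding per external iframe that is hidden or watchlisted."""
    finder = IframeFinder(own_host)
    finder.feed(text)
    return finder.findings

# Constructed sample page: one legitimate local frame, one injected hidden
# frame, one legitimate visible third-party frame.
SAMPLE = """<html><body>
<h1>Shop</h1>
<iframe src="/widgets/cart.html" width="300" height="200"></iframe>
<iframe src="http://cubanbigtop.cn/" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="https://maps.partner.example/embed" width="600" height="400"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE, "www.shop.example"):
        print(f)
```

A finding only tells you which file and line to restore from a clean copy; it does not show how the page was modified, so the scanner advice above still applies to the machines used to upload the site.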