Attack of the BrowserDetect

This infection has been around for awhile, but it’s been more popular recently.

We’ve been seeing it after the closing html tag in index.html files:

There have been other domains in place of too, but the bottom line is that the above script performs a series of browser checks then creates an iframe.

This infection has been seen in Zen Cart, osCommerce, WordPress and Prestashop websites by us, but I’m certain that it’s just the infection used at the moment.

If you’ve experienced this infection and need assistance with it, please call us at (847)728-0214 or email me at

If you have any comments to add to this, please leave a comment below.

Thank you.


gogele analytics infection

We’re seeing some websites infected with code that starts with:

gogele analytics start

It then continues with:

(opening script tag)try{document.asd.removeChild({})}catch(q){ss=””;s=String;}ddd=new Date();…eval(ss);(closing script tag)

and ends with:

gogele analytics end

We’ve been seeing this in index.html files usually immediately following the opening body tag ().

So far, no other common factors in the sites we’ve cleaned this from.

If you have any further information you’d like to share, please post a comment. If we find more information we’ll be sharing it here.

If you know of someone who could benefit from this information, please share it, Tweet it, post it on your Facebook or LinkedIn pages.

If you need help cleaning this, you can call us at (847)728-0214 or email directly at:

Thank you.