[Ilugc] php malware from wordpress blog
Balasubramaniam Natarajan
bala150985 at gmail.com
Wed Apr 11 22:55:19 IST 2012
Hi Raja,
Can you upload all the files? I don't see that anyone has captured it.
http://malwr.com/analysis/e1f3a6fc6f497df6f837822fd122d485/
https://www.virustotal.com/file/4421c2669aaadfebd79de1b5fa8b969854bc3c8782fa144f25f7e6f0a1cc40a6/analysis/1334164847/
On Wed, Apr 11, 2012 at 10:06 PM, Raja Subramanian
<rajasuperman at gmail.com> wrote:
> Hi,
>
> I have had a recent malware injection on a WordPress website I host.
>
> The malware sample is here: http://pastebin.com/7X9imPGp
>
> Can anyone decipher what this script is doing and how much damage
> it has caused?
>
>
> This stuff appeared in several files in my WP installation, new files
> created inside wp-includes/css/<long-string>/, and in
> wp-includes/Text/Dos/<junk-website-name>/.
>
> I've had 2 incidents. During the first incident, one directory contained a
> full mock up of Amazon Germany website with drive-by downloads
> and my web account was used to send phishing emails to this URL.
>
> This is the 2nd attempt and I have greatly limited the damage caused
> as I had tightened WP security.
>
> If anyone is interested I can upload the entire website with all the
> infected files for review.
>
> - Raja
> _______________________________________________
> ILUGC Mailing List:
> http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
>
--
Regards,
Balasubramaniam Natarajan
www.etutorshop.com/moodle/