Hi Raja,
Can you upload all the files ? I don't see any one has captured it.
http://malwr.com/analysis/e1f3a6fc6f497df6f837822fd122d485/
https://www.virustotal.com/file/4421c2669aaadfebd79de1b5fa8b969854bc3c8782fa144f25f7e6f0a1cc40a6/analysis/1334164847/
On Wed, Apr 11, 2012 at 10:06 PM, Raja Subramanian
<rajasuperman at gmail.com>wrote:
Hi,
I have had a recent malware injection on a WordPress website I host.
The malware sample is here: http://pastebin.com/7X9imPGp
Can anyone decipher what this script is doing and how much damage
it has caused?
This stuff appeared in several files in my WP installation, new files
created inside wp-includes/css/<long-string>/, and in
wp-includes/Text/Dos/<junk-website-name>/.
I've had 2 incidents during the first incident one directory contained a
full mock up of Amazon Germany website with drive-by downloads
and my web account was used to send phishing emails to this URL.
This is the 2nd attempt and I have greatly limited the damage caused
as I had tightened WP security.
If anyone is interested I can upload the entire website with all the
infected
files for review.
- Raja
_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
