Hi Raja, Can you upload all the files ? I don't see any one has captured it.
http://malwr.com/analysis/e1f3a6fc6f497df6f837822fd122d485/ https://www.virustotal.com/file/4421c2669aaadfebd79de1b5fa8b969854bc3c8782fa144f25f7e6f0a1cc40a6/analysis/1334164847/ On Wed, Apr 11, 2012 at 10:06 PM, Raja Subramanian <[email protected]>wrote: > Hi, > > I have had a recent malware injection on a WordPress website I host. > > The malware sample is here: http://pastebin.com/7X9imPGp > > Can anyone decipher what this script is doing and how much damage > it has caused? > > > This stuff appeared in several files in my WP installation, new files > created inside wp-includes/css/<long-string>/, and in > wp-includes/Text/Dos/<junk-website-name>/. > > I've had 2 incidents during the first incident one directory contained a > full mock up of Amazon Germany website with drive-by downloads > and my web account was used to send phishing emails to this URL. > > This is the 2nd attempt and I have greatly limited the damage caused > as I had tightened WP security. > > If anyone is interested I can upload the entire website with all the > infected > files for review. > > - Raja > _______________________________________________ > ILUGC Mailing List: > http://www.ae.iitm.ac.in/mailman/listinfo/ilugc > -- Regards, Balasubramaniam Natarajan www.etutorshop.com/moodle/ _______________________________________________ ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
