Home Testimonials Company Support 1–888–873–0817
Home Notes Malware Signatures About
While looking at a compromised site, we found an interesting mass mailer in there. The content was encoded using eval/gzinflate and base64_decode:

But when switching the "eval" for "print" we could see the mass mailer hidden and what it was doing:

What I found interesting is that this spam tool stored all the emails in the database and the script supported options to update the email list, change content and many things like that. And every few hours the attackers would access it, update the emails and spam everyone in there.