Home Testimonials Company Support 1–888–873–0817
Home Notes Malware Signatures About
We woke up this morning to many reports and people asking why the PHP.net site is being blacklisted. We did not get a chance to analyze it while it was compromised, but it seems that one of their javascript files (static.php.net/www.php.net/userprefs.js) was modified to inject a malicious iframe from "http://lnkhere.reviewhdtv.co.uk/stat.htm".

That's the supposed bad code: http://pastebin.com/raw.php?i=nAess4xL

It seems the PHP team fixed it already and requested Google to clear it. If anyone has more info, we would love to hear it.