Sucuri Malware Labs

Sucuri on Twitter Sucuri on Facebook Sucuri on LinkedIn

Malware entry: MW:GDD:4Home  |  Notes  |  Malware data  |  Signatures  |  Tools  |  About

Description:

Code used to insert a malicious javascript on many WordPress sites hosted at GoDaddy. The malicious code is added to the database, infecting each post. Loads the malware from:


http://acrossuniverseitbenet.com/js.php?kk=10
http://www3.top-scan-foru.in

Generally infecting all WordPress posts.


Clean up:

Contact support@sucuri.net.


Malware dump (base 64 added to the .php files):



For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb