Sucuri Malware Labs

Sucuri on Twitter Sucuri on Facebook Sucuri on LinkedIn

Malware entry: MW:SPAM:PH23Home  |  Notes  |  Malware data  |  Signatures  |  Tools  |  About

Description Malware used on a large scale SEO SPAM work: It has a random name and is generally hidden at the top directory of a site (kip.php, fwwkd.php, mrsk.php, .data.php, etc), inside the wp-content/uploads directory (fonction.php, wp-links.php, etc) and inside a random directory on the wp-includes. It is also at the wp-includes/index.php. In some of the variations it loads the spam links from: Affecting: Any Wordpress hacked during Feb/Mar/Apr/May 2010 Malware dump:

For all our web-based malware signatures, go here: