Description: Malicious tracking code added to the page to notify attackers that a backdoor is present on that page.
Domains used (imgaaa.net, airschk.com, imgddd.net, etc):
<img heigth="1" width="1" border="0" src="http://imgaaa.net/t.php?id=6744753";
<img width=0 height=0 src="http://airschk.com/countimg.gif?id=4da620681febfa679b00b25f&p=1";
imgddd.net/t.php?id=16447842
![](http://airschk.com/countimg.gif?id=4da620681febfa679b00b25f&p=1"){kind=link}
Affecting: Any web site (generally WordPress sites)
Clean up: The malicious code has to be removed, as well as all backdoors. Contact sucuri for help.
Malware dump:
<img width=0 height=0 src="http://airschk.com/countimg.gif?id=4da620681febfa679b00b25f&p=1";