Suspicious codes found in WordPress wp-config.php file
A Sophos Senior Threat Researcher, Paul O Baccas found a malware codename, Troj/PHPShll-B in a WordPress wp-config.php file that was installed in one of their IT department friend’s website.
This malware was first detected by SophosLabs automated systems as Mal/Badsrc-C from the downloaded index.html file.
Further analysis, Paul saw a suspicious piece of code written in base64 string format in the wp-config.php file. When translated, the code will only be served if the User-Agent is Internet Explorer.