Suspicious code found in WordPress wp-config.php file
Paul O Baccas, a Senior Threat Researcher at Sophos, found malware, code-named Troj/PHPShll-B, in a WordPress wp-config.php file installed on the website of one of their IT department's friends.
SophosLabs' automated systems first detected this malware as Mal/Badsrc-C from the downloaded index.html file.
On further analysis, Paul saw a suspicious piece of code, written as a base64-encoded string, in the wp-config.php file. Once the string is decoded, it shows that the code is only served if the User-Agent is Internet Explorer.
Sophos now detects and disinfects this modified code as Troj/PHPShll-B.
They believe the code was most likely injected via compromised FTP credentials. Sophos also recommends that WordPress users regularly audit their WordPress wp-config.php file and use strong login passwords to avoid the account being compromised.
I have checked the wp-config.php files of all eight of my WordPress blogs, and luckily there are no weird strings or suspicious code in them. How about you?
via Troj/PHPShll-B: Malware injects itself into WordPress installations
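One way to automate the wp-config.php audit recommended above, as an added example that is not Sophos's detection logic or code from the original post. The list of flagged functions, the 40-character threshold and both sample configs are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Functions that have no business in a stock wp-config.php (assumed list).
RISKY_CALLS = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13|assert)\s*\(", re.I)
# Quoted runs of 40+ base64-alphabet characters (assumed threshold).
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{40,}={0,2})["']""")
# Strings that suggest browser-dependent behaviour once a blob is decoded.
UA_MARKERS = ("HTTP_USER_AGENT", "MSIE")


def audit_php_source(text):
    """Return a list of (line_number, rule, detail) findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in RISKY_CALLS.finditer(line):
            findings.append((lineno, "risky-call", m.group(1).lower()))
        for m in B64_LITERAL.finditer(line):
            blob = m.group(1)
            try:
                decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
            except (binascii.Error, ValueError):
                continue  # looked like base64 but does not decode cleanly
            findings.append((lineno, "base64-literal", f"{len(blob)} chars"))
            for marker in UA_MARKERS:
                if marker in decoded:
                    findings.append((lineno, "user-agent-check", marker))
    return findings


# Constructed samples: a clean config and one with a harmless encoded stub appended.
CLEAN = """<?php
define('DB_NAME', 'wordpress');
define('AUTH_KEY', 'k#8!vQz@2^pL&9*rT(5)yU_+1=wE-3[sD]7{fG}4|hJ;6:aK,0.mN<xC>bV?iO~');
$table_prefix = 'wp_';
require_once(ABSPATH . 'wp-settings.php');
"""
_STUB = b"if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false) { /* constructed */ }"
INFECTED = CLEAN + 'eval(base64_decode("' + base64.b64encode(_STUB).decode() + '"));\n'

if __name__ == "__main__":
    for name, src in (("clean", CLEAN), ("infected", INFECTED)):
        print(name, audit_php_source(src))
```

A finding is a prompt to read the line by hand and compare the file against a known-good copy; an empty result does not prove the file is clean.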
nicole says
Great identification of the threat. In today's new generation of online services it's very important to have strong authentication and secure passwords.
I work for a security software company, EZMCOM. We are conducting a survey to find out security threats faced by business. Participants will be entered for a lucky draw where iPod shuffles will be won. Please click on the link to take the 2-minute survey http://www.surveymonkey.com/s/2HCM8TJ
Please also like and share our Facebook Page http://www.facebook.com/EZMCOM
Thanks guys!
Sanwar Hossain says
5 important tips for make total security of your computer