Walmart community web site still hacked

Remember a few weeks ago when we reported that the official web site for the Walmart Community Action Network was hacked and hosting SEO spam?

Well, it seems that they removed the previous spam and also upgraded WordPress to the latest version. Good for them!

However, I was checking the site out of curiosity today and it has another type of spam now:


samsung delve free ringtones
ringtones for prepaid cell phone
free bollywood ringtones
buy ringtone

This is the report from our scanner:

Instead of the “movie” spam, they now have ringtone spam pointing to a site that is probably hacked too. Interestingly, if you search for these keywords you will find them on a few different sites and even on fake LinkedIn profiles: http://www.linkedin.com/in/downloadringtones

As for where it is hidden: last time it was inside their footer.php file. I checked again and the new spam is also there (http://www.walmartcommunity.com/wp-content/themes/walcan/footer.php).

So it looks like the attackers left a backdoor (or stole their passwords again) and they are using that to get in (even after the previous spam was removed and WordPress was upgraded).

Security tip: If you just remove the visible malware/spam and do not do a full scan/recovery of your site and fix the underlying problem, you will get infected again.
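As a starting point for that wider check, here is an added example (not part of the original post and not Sucuri's scanner) that walks every PHP template in a theme and reports off-site links whose anchor text or URL contains a spam keyword. The keyword list, the site host `example.com`, the function names and the sample footer with its `spam.example.net` links are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Keyword list is an assumption; seed it with terms seen in the injected links.
SPAM_TERMS = ("ringtone",)

class _Links(HTMLParser):
    """Collect (href, anchor text) pairs from a template's static HTML."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def suspicious_links(template_source, site_host, terms=SPAM_TERMS):
    """Return off-site links whose anchor text or URL contains a spam term."""
    static_html = re.sub(r"<\?(?:php|=).*?\?>", "", template_source, flags=re.S)
    parser = _Links()
    parser.feed(static_html)
    parser.close()
    hits = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        off_site = bool(host) and host != site_host and not host.endswith("." + site_host)
        if off_site and any(t in (text + " " + href).lower() for t in terms):
            hits.append((href, text))
    return hits

def scan_theme(theme_dir, site_host):
    """Check every PHP template under theme_dir, not just the file cleaned last time."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        hits = suspicious_links(path.read_text(errors="replace"), site_host)
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample footer template; the spam host is a placeholder.
SAMPLE_FOOTER = """<div id="footer"><?php wp_footer(); ?><a href="http://example.com/about">About</a>
<a href="http://spam.example.net/r1">free bollywood ringtones</a>
<a href="http://spam.example.net/r2">buy ringtone</a></div>"""
```

A clean result only means no keyword-matching links were found in the templates; it does not locate a backdoor or a stolen password, which still need a full file and credential review.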

As always, if you need help to recover from a malware/hacking attack or need someone to monitor your web site for these issues, visit http://sucuri.net or just send us an email at contact@sucuri.net.

About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.