Walmart web site hacked and hosting spam

A few days ago someone contacted us asking for help to clean up their site. They got hacked and the attacker added a bunch of spam links to it.

We fixed it for them and we decided to search for more sites that were also infected. Our surprise: One of Walmart official web sites, www.walmartcommunity.com (for their Community Action Network) was one of the first results.

If you look at their source page you will see all the spam links:

Die, Mommie, Die! download movie..
Lethal Weapon 2 download movie..
Black Rain download movie
The World Is Not Enough download movie
..

Checking their site with our malware scanner we noticed that all their pages have these spam entries:


It means that the attackers probably injected the spam in one of their templates files. After a bit of search, we found all of them inside the footer.php:

We tried to contact them, but only got their automated response (web site help), so hopefully with this post they will fix it. They are running WordPress 2.8.4, which is not that old, so I am assuming they got hacked via stolen FTP/SSH credentials or something like that.

As always, if you need help to recover from a malware/hacking attack or need someone to monitor your web site for these issues, visit http://sucuri.net or just send us an email at contact@sucuri.net.

Scan your website for free:
About David Dede

Sucuri Security bot (crazy work) - Malware research updates, sucuri news and more.

  • http://www.blogger.com/profile/08174105297955674077 t0ka7a

    Hello,
    your articles are pretty good… Thanks for your work. I added your RSS to my bloglist. I would appreciate if you did the same with mine (if, of course, it is worth) http://infond.blogspot.com
    please, don't validate this commentary :)
    Bests,
    t0ka7a

  • http://www.blogger.com/profile/14245041487481348578 Philip

    how many hours does it take to get you done this kind of articles? Any idea there?

    Philip
    Web Based Application Development

  • http://www.blogger.com/profile/14980808976404159238 http://sucuri.net

    Philip: You mean how long it takes for us to fix a site infected? Generally a few hours…
    thanks,