Remember a few weeks ago when we reported that the official web site for the Walmart Community Action Network was hacked and hosting SEO spam?
Well, it seems that they removed the previous spam and also upgraded WordPress to latest version. Good for them!
However, I was checking the site out of curiosity today and it has another type of spam now:
This is the report from our scanner:
Instead of the “movie” spam, now they have a ringtone spam pointing to a site that is probably hacked too. An interesting thing is that if you search for these keywords you will find them on a few different sites and even on fake linkedin profiles: http://www.linkedin.com/in/downloadringtones
As far as the location where it is hidden, during the last time it inside their footer.php file. I checked it again and the new spam is also there ( http://www.walmartcommunity.com/wp-content/themes/walcan/footer.php ).
So it looks like the attackers left a backdoor (or stole their passwords again) and they using that to get in (even after having the previous spam removed and wordpress upgraded).
Security tip: If you just remove the visible malware/spam and do not do a full scan/recovery of your site and fix the underlying problem, you will get infected again.
As always, if you need help to recover from a malware/hacking attack or need someone to monitor your web site for these issues, visit http://sucuri.net or just send us an email at firstname.lastname@example.org.