Walmart web site hacked and hosting spam

A few days ago someone contacted us asking for help to clean up their site. They got hacked and the attacker added a bunch of spam links to it.

We fixed it for them and we decided to search for more sites that were also infected. Our surprise: One of Walmart official web sites, (for their Community Action Network) was one of the first results.

If you look at their source page you will see all the spam links:

Die, Mommie, Die! download movie..
Lethal Weapon 2 download movie..
Black Rain download movie
The World Is Not Enough download movie

Checking their site with our malware scanner we noticed that all their pages have these spam entries:

It means that the attackers probably injected the spam in one of their templates files. After a bit of search, we found all of them inside the footer.php:

We tried to contact them, but only got their automated response (web site help), so hopefully with this post they will fix it. They are running WordPress 2.8.4, which is not that old, so I am assuming they got hacked via stolen FTP/SSH credentials or something like that.

As always, if you need help to recover from a malware/hacking attack or need someone to monitor your web site for these issues, visit or just send us an email at

About David Dede

David Dede is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

  • t0ka7a

    your articles are pretty good… Thanks for your work. I added your RSS to my bloglist. I would appreciate if you did the same with mine (if, of course, it is worth)
    please, don't validate this commentary :)

  • Philip

    how many hours does it take to get you done this kind of articles? Any idea there?

    Web Based Application Development


    Philip: You mean how long it takes for us to fix a site infected? Generally a few hours…

  • zma

    hey! very interesting post! 


  • iphone developer center

    There are lots of haclers who can do even more… 

  • marketing consultants

    Hi, interesting to know walmart website hacked means they dont have enough security of good quality website to save their website…

  • John Hemmings

    It will be a constant battle to stop hacking and spam.
    Iphone App Development Services

Share This