WordPress Blogs Hit With Malware…

Got a few Friends pointing out yesterday that my site was affected by malware… But on checking Google Webmaster I found no such errors there… But when i tried to login into the Dashboard today morning i got many Javascript errors… On using Firebug to debug it I found perticular javascript codes were appended to the fotter of my blog…Which mentioned various php files like…




I gueesd this would be coming from a peculiar looking long base64 encoded string added to many of my php files… Upon searching more on the web I came accross an article by Sucuri which explains a bit about this attack:

“We are seeing multiple reports today of WordPress sites (running their latest version) getting compromised. The initial reports today were restricted only to Dreamhost, but now we are seeing the same pattern on blogs hosted at GoDaddy, Bluehost, Media temple and other places…
One thing very interesting that is becoming a trend is that the malware is also hiding from Google. This causes the site to do not get blacklisted, making it harder for the owner to notice….”

The encoded string is decoded here…  http://sucuri.net/malware/entry/MW:MROBH:1

The main issue now is to remove this particular javascript in all the php files, and how can i remove them in a single go… Sucuri has a solution for that too.. Have a look here..