March 12, 2016

Vulnerability in the Malipoet WordPress plugin has caused a known malware infection. The attack from the malware infection cunningly attempts to gain passage for spam into the hacked site. This will eventually cause a website break and is focus is strictly on WordPress sites that have an out of date plugin or weak admin passwords.

What does it look like?

After the infection, the affected PHP code becomes buggy and this allows for the corruption of files in the website that are legitimate, it also corrupts plugin files and themes which on the long run will make a PHP error message to be displayed in replacement of the originally designed web content. An example of the error message is;

Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wpconfig.php online 91 Once the infecting malware is eliminated, there is only one solution capable of rectifying the damage, which is to restore the corrupted files from a backup. An example of what the malware looks like is given below;

 < ?php $pblquldqei = ’5c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x5c%x785c%x5c%x7825j^%xq%x5c%x7825%x5?c%x7827Y%x5c%x78256<.msv%x5c%x7860ftsbqA7>q7825)3?of:opjudovg< ~%x5c%x7824!%x5c%x782421787825!|!*!***b%x5c%x7825)…

For those running a MaliPoet, it is recommended that you perform an upgrade to the latest available version. If for one reason or the other, there is no firewall present on your website, you will need to upgrade the plugin or to eliminate any chances of recurring problems, remove the plugin. Support

If after you’ve made effort to fix this issue and you are not successful, please, ensure to contact support. We’ll be glad to be of assistance.