PHP code that supposed to trigger malicious injection was not implemented correctly
Malicious iframes are often used to distribute malware hosted on external web resources(websites).
Submission date: Sat Oct 5 15:10:45 2013
Website malware scanner report
|Sitescan malware report by Quttera|
|Suspicious website files|
Malicious payloadIt can be seen that wp-includes folder of the WordPress installation is likely hacked.
Blacklisting statusThe redirected URL is detected by 3 vendors as per VirusTotal report.
Now let's take a look at something that looks like hacker's bug. When we analyze the file detected as Suspicious it appears that the infection was done incorrectly and as a result PHP injected AS IS into server output instead running on server side.
Here is the infection itself in PHP code