The string you are looking for is not necessarily the only one you should be
looking for for that exploit. More information here:
http://somewebgeek.com/2014/wordpress-remote-code-execution-base64_decode/
Steve at SaneSecurity has a nice document on creating your own signatures here:
http://sanesecurity.com/support/documentation/
On 3/24/15 2:40 PM, Steve Holdoway wrote:
Hi folks,
I'm in the process of cleaning up an infected wordpress website and am
finding a number of files that contain
dp
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
