We have been very busy in our blog explaining about the latest TimThumb.php vulnerability and the affect it is having on WordPress web sites.
If you missed the articles, please check here:
- TimThumb.php – Just the tip of the iceberg
- Attacks Against Timthumb.php in the Wild – List of Themes and Plugins Being Scanned
After a few days, the malware started to evolve and the htaccess redirections changed to other domains: security-generation.ru, securitygeneration.ru, safenesscontent.ru, allowcompany.ru, securityinternet.ru, generation-internet.ru and allowupdate.ru
(all of them registered by firstname.lastname@example.org)
So if you see any of those in your site, you know what is going on.
If your site is compromised, or you just want to verify, scan it for free here: http://sitecheck.sucuri.net. Need someone to clean it up for you? Sign up here: http://sucuri.net/signup.