# MalwareMustDie! # PoC of Wordpress servers infected by the .so ELF library malware. # Case: http://blog.malwaremustdie.org/2014/05/elf-shared-so-dynamic-library-malware.html # Infection is searchable by Google: https://lh5.googleusercontent.com/-O89zet-xRTE/U26bvNzGNKI/AAAAAAAAPu0/Ig_SU2QEvlw/s512/S110101.png # Overall result is 65 servers now... // Recent (on going search result..) // $ date Sun May 11 06:10:14 JST 2014 http://ceresbilisim.com/libworker.so http://cheaphostelvalencia.com/libworker.so http://www.askhisar.com/libworker.so http://mehmedzahidkotku.net/libworker.so http://2slowater.com/libworker.so http://www.phillymedpros.com/libworker.so http://www.focusbangalore.com/libworker.so http://fooladrail.com/libworker.so // new ones: // @unixfreaxjp ~]$ date Sun May 11 05:09:13 JST 2014 h00p://amiri4efl.com/wordpress/libworker.so h00p://apibestinclass.net/libworker.so h00p://bahcesaray.biz/modules/mod_araticlhess/libworker.so h00p://chupamisto.info/libworker.so h00p://ciceronrealestate.com/modules/mod_araticlhess/libworker.so h00p://dl.shia-leaders.com/online-sound-player/libworker.so h00p://e-tributes.com/libworker.so h00p://fashionquiari.com/libworker.so h00p://fatelist.com/libworker.so h00p://fooladrail.com/libworker.so h00p://hellasexecom.eu/wp-eu/libworker.so h00p://ioacquistonline.altervista.org/blog/wp-content/themes/arras/libworker.so h00p://kokannama.com/wp-content/uploads/2014/03/libworker.so h00p://kylegoulden.com/wp-includes/js/tinymce/plugins/paste/libworker.so h00p://masterdecorators.in/libworker.so h00p://mayadagi.com/modules/mod_araticlhess/libworker.so h00p://mecsekion.com/store/libworker.so h00p://netexcomputersandcd.com/libworker.so h00p://new.oms35.ru/upload/Doc_na2013/V_na_2013/kom_280613/libworker.so h00p://petrospecbrasil.com/wp-content/uploads/libworker.so h00p://phuketsoftware.net/wp-content/uploads/libworker.so h00p://polinamineva.com/wp-content/themes/Bold/libworker.so h00p://ponpesbaitussaadah.com/wp-content/themes/OurBiz/libworker.so h00p://promobilya.com/wp-content/themes/FreshAndClean/libworker.so h00p://ptt-air.com/modules/mod_araticlhess/libworker.so h00p://queenslandmotels.net/libworker.so h00p://school.dinatoni.ir/libworker.so h00p://smilesquaredance.com/libworker.so h00p://thefacts-free.com/libworker.so h00p://www.algorytm.org/components/com_comprofiler/plugin/templates/dark/images/lightbox/libworker.so h00p://www.alimentacao-saudavel.com/wp-content/plugins/maxblogpress-unblockable-popup/editor/themeslibworker.so/advanced/skins/o2k7/img/ h00p://www.andreiszasz.com/Images/High/libworker.so h00p://www.flexibd.com/libworker.so h00p://www.interneo.org/libworker.so h00p://www.lankaran2012.az/wp-content/uploads/2014/01/libworker.so h00p://www.mfable.com/libworker.so h00p://www.orggu.com/libworker.so h00p://www.telechargerfilmsfrancaisgratuit.info/wp-includes/libworker.so h00p://www.tvcustomers.info/libworker.so // Previous ones... h00p://ioacquistonline.altervista.org/blog/wp-content/themes/arras/libworker.so h00p://miniradiosolutions.com/wp-content/uploads/libworker.so h00p://oaosu.ru/includes/libworker.so h00p://www.risehitus.ee/wp-includes/libworker.so h00p://redcliffesoftball.com.au/wp-includes/js/tinymce/plugins/wpfullscreen/libworker.so h00p://miniradiosolutions.com/wp-content/uploads/libworker.so h00p://www.etikmedikal.com/images/libworker.so h00p://countrycosmic.co.za/libworker.so h00p://www.amazonasvive.com/libworker.so h00p://visualgmt.com/libworker.so h00p://comousarelinternet.com/minegociointernet.com/libworker.so h00p://vmacq.com/libworker.so h00p://www.minegociointernet.com/libworker.so h00p://www.djvsolutions.com/libworker.so h00p://giritontro.com/_vti_bin/libworker.so h00p://tagstrategies.com/libworker.so h00p://www.igehirdetesek.hu/libworker.so h00p://kpskw.org.pl/libworker.so --- #MalwareMustDie!!