Gumblar Botnet crashes WordPress and other complex PHP sites

Tens of thousands of websites and blogs running WordPress blogging software have been broken in recent weeks, returning a "fatal error" message. According to security experts, those messages are actually generated by buggy malicious code sneaked onto the sites by the Gumblar botnet's authors, who have apparently made some changes to their web code without doing proper testing. As a result, "the current version of Gumblar effectively breaks not only WordPress blogs," but "Any PHP site with complex file architecture can be affected," wrote Sinegubko, describing the issue.

Crashed WordPress sites display the following error message:

    Fatal error: Cannot redeclare xfm() (previously declared in /path/to/site/index.php(1) : eval()'d code:1) in /path/to/site/wp-config.php(1) : eval()'d code on line 1

Other sites running software such as Joomla get different fatal-error messages.

Gumblar installs its buggy code by first running on the victim's desktop and stealing FTP credentials, then using those credentials to place malware on the victim's website.

WordPress users can use the WordPress Exploit Scanner plugin to scan WordPress files and the database for signs of suspicious activity, or read ‘how to find backdoor scripts (both in files and in database) in hacked WordPress blogs’.
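The fatal error quoted above names two PHP files whose line 1 runs eval()'d code declaring the same function, which makes the PHP error log a quick list of files to inspect first. The following triage script is an added example, not part of the original article or of any tool it mentions; the log lines, timestamps and the `wp-settings.php`, `a.php` and `b.php` paths are constructed samples.

```python
import re
from collections import defaultdict

# "Cannot redeclare" fatals where BOTH declarations come from eval()'d code,
# in the format of the error message quoted in the article.
REDECLARE = re.compile(
    r"Cannot redeclare (?P<func>\w+)\(\) "
    r"\(previously declared in (?P<first>.+?)\((?P<first_line>\d+)\) : eval\(\)'d code:\d+\) "
    r"in (?P<second>.+?)\((?P<second_line>\d+)\) : eval\(\)'d code on line \d+"
)

def files_to_inspect(log_lines):
    """Map each file named in an eval() redeclare fatal to {(line_no, function)}."""
    hits = defaultdict(set)
    for line in log_lines:
        m = REDECLARE.search(line)
        if not m:
            continue  # unrelated warning, or an ordinary redeclare without eval()
        hits[m["first"]].add((int(m["first_line"]), m["func"]))
        hits[m["second"]].add((int(m["second_line"]), m["func"]))
    return dict(hits)

# Constructed sample log lines (timestamps and extra paths are made up).
SAMPLE_LOG = [
    "[01-Jan-2000 08:14:02] PHP Fatal error:  Cannot redeclare xfm() "
    "(previously declared in /path/to/site/index.php(1) : eval()'d code:1) "
    "in /path/to/site/wp-config.php(1) : eval()'d code on line 1",
    "[01-Jan-2000 08:14:05] PHP Warning:  Division by zero in /path/to/site/a.php on line 40",
    "[01-Jan-2000 08:15:11] PHP Fatal error:  Cannot redeclare xfm() "
    "(previously declared in /path/to/site/index.php(1) : eval()'d code:1) "
    "in /path/to/site/wp-settings.php(1) : eval()'d code on line 1",
    # Ordinary coding mistake, no eval(): must not be flagged.
    "[01-Jan-2000 08:16:40] PHP Fatal error:  Cannot redeclare helper() "
    "(previously declared in /path/to/site/a.php:3) in /path/to/site/b.php on line 9",
]

if __name__ == "__main__":
    for path, found in sorted(files_to_inspect(SAMPLE_LOG).items()):
        for line_no, func in sorted(found):
            print(f"{path}: inspect line {line_no} (eval()'d code declares {func}())")
```

Files that never triggered the fatal error do not appear in this list, so it narrows where to look first and does not replace the full file and database scan mentioned above.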