Plugin Author
Eli
(@scheeeli)
Do you have this infection on your server now? I would like to take a look at the infected json2.min.js file if you still have it. You can email it directly to me: eli AT gotmls DOT net
No, we removed the files and the revslider plugin causing the issue.
Actually, the malware involves multiple files. They had used revslider to gain access, then used template-loader.php in wp-includes to enqueue json.min.js, and in the last 24 hours the json file actually loads swfobject.swf on all the pages, which loads the malware.
Plugin Author
Eli
(@scheeeli)
I added this template-loader.php hack to the definition updates last month when someone else sent it to me. I just forgot to get back to you.
Please let me know if you find anything else.
Aloha, Eli