
Wordpress 0day with remote code execution - hoers
http://pastebin.com/UtKLMN85
======
stullig
[http://blog.malwaremustdie.org/2014/05/elf-shared-so-
dynamic...](http://blog.malwaremustdie.org/2014/05/elf-shared-so-dynamic-
library-malware.html)

------
hoers
[http://pastebin.com/search?q=%22ELF+44%22](http://pastebin.com/search?q=%22ELF+44%22)

[http://pastebin.com/YmhamhTp](http://pastebin.com/YmhamhTp)

[http://pastebin.com/1Uyipejn](http://pastebin.com/1Uyipejn)

------
hoers
[https://security.stackexchange.com/questions/98241/wordpress...](https://security.stackexchange.com/questions/98241/wordpress-
infected-with-trojan)

------
hoers
[http://www.unphp.net/decode/57bb51fc5a100298aa3bba2e0724a9a7...](http://www.unphp.net/decode/57bb51fc5a100298aa3bba2e0724a9a7/)

------
hoers
7f454c460101010000000000000000000300030001000000540d0000340000004869000000000000340020000300

2d61002f2f002e002f746d70000000000000000000000000006d6a2000000000006f6a2000000000000000000000
000000

------
hoers
@mods Since not a 0day I would propose changing the title to something like
ELF libworker.so Wordpress Malware ( #Mayhem Botnet )

------
hoers
[http://pastebin.com/ZXGppXuv](http://pastebin.com/ZXGppXuv)

------
hoers
[http://pastebin.com/uKnthPmB](http://pastebin.com/uKnthPmB)

