Investigating Theme Spam
Code: decoding, obfuscation, PHP, reverse engineering, spam, WordPress
If you’re interested in what spammers are up to these days, check out Snarky’s blog post Evil Eval() investigating the obfuscated spam code hidden in the new WordPress theme he downloaded.
I’d be really interested to see how many of the themes on various WordPress sites include function calls like eval, call_user_func, base64_decode, unpack, ord, chr, etc. as an indicator of hidden spam.