I run a number of WordPress sites on a Windows/IIS server, and many of these sites keep getting infected with some kind of trojan that seems to try to redirect traffic away to other sites, thus building “fake” backlinks and traffic. One of the files that seems to commonly show up is named zwi-cofg.php – it has a bunch of heavily disguised code inside it, so I haven’t dug into what it actually does yet, but out of all the infections I’ve seen, this file seems to be the most common. Googling it didn’t reveal anything, so I figured I would create a post and see if any others are discovering this file, and what you may have figured out about it. I’m also working to lock down my sites so they don’t continue to get infected, but I’m beginning to think this is not an easy task when running PHP on Windows servers. All the best practices I’ve seen don’t seem to go far enough. Continuing to investigate…

