Jelle Raaijmakers has a new tutorial on Dissecting a spammer’s spam script:
One of the WordPress sites on a shared hosting web server I manage was infected by a spam script. Fortunately, the script was unable to do any real damage and was detected within half an hour of infection. I thought it would be fun to show you the script and dissect it, to find out exactly how these things work and make thousands of email administrators’ lives a living hell.
It’s interesting to see everything that is involved in reversing the obfuscated code. “I’m slightly impressed by the technical quality,” Jelle said in the post. “I would never have expected a state machine, or the amount of socket error codes that are handled gracefully. The custom written DNS lookup with a proper response handling loop also surprised me.”