wordpress http-redirect base64 eval malware

WordPress site appears clear of malware, but clicking on Google search results redirects to spam sites


An issue was brought to me involving malware on a WP environment. When I search the brand in Google and click the corresponding link, I'm redirected to a 3rd party spam site.

This has been happening for a while (over a week), but my site hasn't been put on Google's blacklist. Additionally, site scanners like , Norton Safeweb, etc. all claim the site isn't compromised.

Additional details:

I found and deleted some suspicious PHP eval() functions and then did a search and replace in my pages and database for any remaining code. After the site cleared into un-blacklisted status with Google, I thought it was all over, ran updates and took numerous measures to protect the site from future infection.

However, the issue still persists.


Solution

  • Solved this issue. At the time when this happened, this redirect attack was fairly new.

    HTTP requests from visitors who passed referrer data from Google Search or Bing were being redirected, some of the time.

    By targeting only those coming in from search, the webmaster or site owner is less likely to see the issue (until informed by a third party), while still manipulating a decent amount of the traffic (50% of traffic for most sites comes from search engines).

    When I originally posted this question in 2012, this attack was new and because the redirect was being served server-side (directly in a lone PHP file, not via .htaccess), malware signatures from scanners didn't detect this.

    Running Maldetect (with an updated database) was the best way to quarantine this issue and analyze the extent of the damage caused by malware.
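
The answer above describes a redirect that fires only for visitors arriving with a Google or Bing referrer, and only some of the time, which is why a plain scan of the URL looks clean. The following check is an added example, not part of the original post: it requests a page repeatedly with and without a search-engine Referer header and reports off-site redirect targets that appear only when the referrer is present. The Referer values, function names and round count are assumptions chosen for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Constructed Referer values; the query string is a placeholder.
REFERERS = {
    "direct": None,
    "google": "https://www.google.com/search?q=brand",
    "bing": "https://www.bing.com/search?q=brand",
}

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow: the 3xx surfaces as HTTPError

def probe(url, referer, timeout=10):
    """One GET; returns (status, Location header or None)."""
    headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)"}
    if referer:
        headers["Referer"] = referer
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=timeout) as r:
            return r.status, r.headers.get("Location")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")

def _host(url):
    return (urlsplit(url).hostname or "").removeprefix("www.")

def offsite_targets(url, referer, rounds, fetch):
    """Hosts this page redirected to that are not the site itself."""
    seen = set()
    for _ in range(rounds):  # repeat: the redirect fires only some of the time
        status, location = fetch(url, referer)
        if 300 <= status < 400 and location:
            target = _host(urljoin(url, location))
            if target != _host(url):
                seen.add(target)
    return seen

def referer_conditional_redirects(url, rounds=10, fetch=probe):
    """Off-site redirect hosts seen with a search Referer but never without one."""
    baseline = offsite_targets(url, REFERERS["direct"], rounds, fetch)
    return {name: sorted(offsite_targets(url, ref, rounds, fetch) - baseline)
            for name, ref in REFERERS.items() if ref}

if __name__ == "__main__":
    import sys
    print(referer_conditional_redirects(sys.argv[1]))
```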