Hi malware fighters,
Here is a trend, and the malcode is often missed, example: hxtp://treadmil-l.com/wp-content/upgrade/spread.txt??
Location of PHP/Pbot.A.9 (well the name is right with a certainty of over 60%)
A further listing of malware domains with this:
http://support.clean-mx.de/clean-mx/viruses.php?virusname=PHP/Pbot.A.9&sort=source%20desc
Description of this devious malcode here:
http://evilcodecave.blogspot.com/2009/11/malware-php-pbot-dissection.html
http://www.offensivecomputing.net/?q=node/1417
also see the code of such a bot: htxp://pastebin.com/dqCtmFB7
An example of one site with PHP/Pbot.A.9 missed and only reported by WOT:
http://www.mywot.com/en/scorecard/fgfg.pl and detected here: http://www.freepcsecurity.co.uk/
respectively mentioned the first time here: http://www.freepcsecurity.co.uk/2010/07/05/malicious-sites-july-05/
polonus