unknown_html_RFI_php hack not detected....

Malware could reside here: htxp://helloskate.us/images/user/pesquisadorRFI.txt?&para=premmy35@gmail.com&tempo=600&checador=http://helloskate.us/images/user/checador.php&enviador=http://helloskate.us/images/user/enviador.txt
Wepawet thinks it is benign: http://wepawet.iseclab.org/view.php?hash=d7bc799b432dc774524623c93c7818d5&t=1300971096&type=js
Nothing detected at virustotal: http://www.virustotal.com/url-scan/report.html?id=d7bc799b432dc774524623c93c7818d5-1300967185
Listed on uribl black list
Here it was detected as PHP.Mailer-5: http://www.virustotal.com/file-scan/report.html?id=a7b2f5b42ee9f20880f116be9f5d70979d112b3d7e3a01564ff841a2918c9631-1291579905
Is this a FP or real PHP-malware?
Was followed up here: http://support.clean-mx.de/clean-mx/viruses.php?id=625647
Has been with us since 2008: hacker using webmail and script, see: http://web-robot-abuse.blogspot.com/2008/06/hacker-using-email-brancohatgmailcom.html

polonus

The PHP hack is possible through a PHP shell script or perhaps an xmlrpc.php file that was outdated and vulnerable. It was not uploaded by a system user and was owned by “nobody”; this should have been at least the account holder, to see in temp where the script came from… See: http://www.deerberg-systems.de/statistik/summary/cgi.html

polonus
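An added example, not part of the posts above: one way to trace where an RFI-dropped script came from is to search the web server's access log for requests in which a query parameter carries a remote URL. The log lines, hosts and the function name `find_rfi_attempts` are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines (Apache combined log format); hosts and paths are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [24/Mar/2011:10:01:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.66 - - [24/Mar/2011:10:01:09 +0000] "GET /index.php?page=http://files.example.test/images/user/probe.txt? HTTP/1.1" 200 312 "-" "libwww-perl/5.805"
192.0.2.66 - - [24/Mar/2011:10:01:11 +0000] "GET /view.php?inc=hTTp%3A%2F%2Ffiles.example.test%2Fprobe.txt%3F&id=3 HTTP/1.1" 404 210 "-" "libwww-perl/5.805"
192.0.2.20 - - [24/Mar/2011:10:02:00 +0000] "GET /login.php?next=/account HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Captures: client, timestamp, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
REMOTE_URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def find_rfi_attempts(log_text):
    """Return one record per query parameter whose value is a remote URL."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, when, method, target, status = m.groups()
        parts = urlsplit(target)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            value = unquote(value)  # parse_qsl decoded once; decode again for double encoding
            if REMOTE_URL_RE.match(value):
                hits.append({
                    "client": client,
                    "time": when,
                    "script": parts.path,   # the local script that was asked to include it
                    "param": name,
                    "remote": value,        # the remote file the request pointed at
                    "status": status,       # 200: the script handled the request, review first
                })
    return hits


if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

Parameters that legitimately carry URLs (redirect targets, for instance) will also match, so compare the `script` and `param` values against what the application is expected to accept.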