The official website for content management system PHP-Nuke was purged of a
nasty infection on Tuesday that for four days attempted to install malware on
visitors' machines.
The website, which used an out-of-date version of PHP, was compromised as
long ago as Friday, according to reports from Websense and Panda Labs. The
infection redirected anyone visiting the PHP-Nuke front page to a series of
attack sites and wasn't cleaned up until Tuesday, Sophos said.
"Here at SophosLabs we see hacked sites everyday and the majority are running
PHP-driven applications such as Content Management Systems (CMS)," the blog post
stated.