In a latest research, Kaspersky researchers have identified a malicious PHP script, spotted on the Polish online store, which actively inserts some distantly connected malicious code into the website's HTML. What is possibly more striking is the technique the malware's creators went about concealing the script's behavior, as reported by Virus Bulletin on June 09, 2011.
The news further stated that besides an extraordinary technique of using comments - which might originally imply the code itself is commented out - the code includes what appears like a huge volume of white-space. Nevertheless, upon further examining, the white-space comprises a blend of spaces and tabs. The script then cracks this into a binary string of ones (tabs) and zeroes (spaces), which is further changed to decimal values and then ultimately into ASCII characters including the actual bad code.
Once executed, the script is again directed to another script, which further redirects to another and so on, however the final location appears to be already offline.
...
