by Paul Ducklin
PHP malware
Notably, most content management systems, such as WordPress, Joomla and Drupal, use PHP.
In other words, if a crook has your blog password and can upload files to your server, or if you have an unpatched server plugin that allows him to modify files that are supposed to be write-protected, and he can alter one or more of your PHP files…
…then he can install a payload on your website that will trigger whenever anyone happens to visit the booby-trapped page.
Indeed, he can activate the payload at will by accessing the page himself in what appears to be an entirely innocent web request.
That’s how the malware known as Troj/PHPRansm-B works.
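A defender's check for the scenario described above, as an added example that is not from the original article: it records SHA-256 hashes of a site's PHP files on a known-good install, then reports files that were altered or added since, plus PHP files that are group- or world-writable. The extension list, the function names and the sample web root built in `demo()` are constructed assumptions.

```python
import hashlib, os, stat, tempfile

PHP_EXTS = (".php", ".phtml", ".inc")  # assumed set of extensions the server executes

def php_files(webroot):
    for dirpath, _dirs, names in os.walk(webroot):
        for name in names:
            if name.lower().endswith(PHP_EXTS):
                yield os.path.join(dirpath, name)

def snapshot(webroot):
    """Relative path -> SHA-256 of every PHP file; take this on a known-good install."""
    out = {}
    for path in php_files(webroot):
        with open(path, "rb") as fh:
            out[os.path.relpath(path, webroot)] = hashlib.sha256(fh.read()).hexdigest()
    return out

def drift(baseline, current):
    """Files whose content changed, appeared, or vanished since the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def loosely_writable(webroot):
    """PHP files writable by group or others, i.e. not really write-protected."""
    mask = stat.S_IWGRP | stat.S_IWOTH
    return sorted(os.path.relpath(p, webroot) for p in php_files(webroot)
                  if os.stat(p).st_mode & mask)

def demo():
    """Constructed web root: take a baseline, simulate tampering, report findings."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, text, mode=0o644):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
        put("index.php", "<?php echo 'home';")
        put("wp-content/plugins/demo/demo.php", "<?php echo 'plugin';", 0o666)
        baseline = snapshot(root)
        put("index.php", "<?php echo 'home'; /* constructed change */")
        put("wp-content/uploads/new.php", "<?php /* constructed new file */")
        return drift(baseline, snapshot(root)), loosely_writable(root)

if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the web server account cannot write, otherwise whoever alters the PHP files can alter the baseline too.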