I have recently found a nasty hack inside one of my clients’ sites, based on WordPress. Turned out that the site got hacked, and WSO Web Shell was injected in several files, one in the theme, and one in Akismet plugin.
Here’s the code, if you’re curious.
So, I have used this .php file to find all occurrences of “wso” inside my server.
Read More on the Same Subject