Got Hacked - Anyone know what this PHP Code Does?

Question

Our server got hacked via some SQL Injection method (now patched). All our PHP files got this added to the very top of each file.

global $sessdt_o; if(!$sess         


        

Answer 1

I could be wrong here, but from the looks of it (without testing the links in the code); it could be trying to inject some client-side javascript which could be malicious. This would usually infect the visitors computer with malware etc.

As for the cookie name. I would get your visitors to remove all cookies for your domain, but from the looks of it, the cookie is called "lb11"

I didn't fancy looking at the links as you can understand ;)