diff --git a/malware4.pl b/malware4.pl
index 3194fc5..871ab59 100644
--- a/malware4.pl
+++ b/malware4.pl
@@ -31,6 +31,8 @@ my @regexen = (
     qr/<\?php.+?class\s+JApplication.+?new\s+JApplication\(array\s+\(\'UID\'\s+\=>\s+\'([A-z0-9]{1,20})\'\)\)\;/is,
     qr/<\?php\s+\/\*\s+\@package\s+WordPress\s+\*\/\s+eval\(base64\_decode\(\@\$\_POST\[\"([A-z0-9]{1,20})\"\]\)\)\;\?>/is,
     qr/<\?php\s+\if\s+\(\!defined\(\'ALREADY\_RUN\_.+?\)\)\;\s+\}/is,
+    qr/<\?php\s+\$dom\s+\=\s+array\(.+?\$url\s+\=\s+\'http\:\/\/\'\.\$dom\[mt\_rand\(0\,sizeof\(\$dom\)\-1\)\]\.\'\/file\.php\'\;.+?header\(\'Location\:\s+\'\.\$url\)\;\s+\}\s+exit\;\s+\?>/is,
+    qr/<\?php\s+if\s+\(isset\(\$\_GET\[\"id\"\]\)\)\s+header\(.+?\.\$\_GET\[\"id\"\]\)\;\s+\?>/is,
     
     );
 my @base64_decodes = (