PaulDotCom mailing list archives
[Security Weekly] identifying php based malware
From: Robin Wood <robin@digi.ninja>
Date: Fri, 18 Jul 2014 13:18:38 +0100
I've got a client whose website has just been hacked by what looks like an automated script which has dropped a single, very long, line of php at the start of every php file on the site. My guess is that a script got the FTP creds off a developer and used those to do the work but I'd like to know more. I'm not looking to deobfuscate the php, that is too much effort for this job, but I was wondering if there were any sites like Virus Total where I could upload a line of php and get at least the family of malware that it belongs to. Each page it has added itself to obfuscated in a different way so there isn't a fixed fingerprint I can just google for, it would take something that could do some basic analysis on the code first. Anyone any ideas? Robin
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail securityweekly com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- [Security Weekly] identifying php based malware Robin Wood (Jul 25)
- Re: [Security Weekly] identifying php based malware Himanshu anand (Jul 25)
- Re: [Security Weekly] identifying php based malware Jim Halfpenny (Jul 25)