PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

[Security Weekly] identifying php based malware

From: Robin Wood <robin@digi.ninja>
Date: Fri, 18 Jul 2014 13:18:38 +0100
I've got a client whose website has just been hacked by what looks like an
automated script which has dropped a single, very long, line of php at the
start of every php file on the site.

My guess is that a script got the FTP creds off a developer and used those
to do the work but I'd like to know more. I'm not looking to deobfuscate
the php, that is too much effort for this job, but I was wondering if there
were any sites like Virus Total where I could upload a line of php and get
at least the family of malware that it belongs to. Each page it has added
itself to obfuscated in a different way so there isn't a fixed fingerprint
I can just google for, it would take something that could do some basic
analysis on the code first.

Anyone any ideas?

Robin

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: