PaulDotCom mailing list archives

Re: [Security Weekly] identifying php based malware


From: Himanshu anand <onlyhimanshuanand () gmail com>
Date: Fri, 25 Jul 2014 18:39:16 +0530

Hi,
If possible, then upload those scripts somewhere so others can also take
a look and might be able to help you.

Regards,
Himanshu Anand

On Fri, Jul 18, 2014 at 5:48 PM, Robin Wood <robin@digi.ninja> wrote:
I've got a client whose website has just been hacked by what looks like an
automated script which has dropped a single, very long, line of php at the
start of every php file on the site.

My guess is that a script got the FTP creds off a developer and used those
to do the work but I'd like to know more. I'm not looking to deobfuscate the
php, that is too much effort for this job, but I was wondering if there were
any sites like Virus Total where I could upload a line of php and get at
least the family of malware that it belongs to. Each page it has added
itself to is obfuscated in a different way so there isn't a fixed fingerprint I
can just google for, it would take something that could do some basic
analysis on the code first.

Anyone any ideas?

Robin

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com