PaulDotCom mailing list archives
Re: [Security Weekly] identifying php based malware
From: Himanshu anand <onlyhimanshuanand () gmail com>
Date: Fri, 25 Jul 2014 18:39:16 +0530
Hi, If possible then upload those script somewhere so others can also take a look and might able to help you. Regards, Himanshu Anand On Fri, Jul 18, 2014 at 5:48 PM, Robin Wood <robin@digi.ninja> wrote:
I've got a client whose website has just been hacked by what looks like an automated script which has dropped a single, very long, line of php at the start of every php file on the site. My guess is that a script got the FTP creds off a developer and used those to do the work but I'd like to know more. I'm not looking to deobfuscate the php, that is too much effort for this job, but I was wondering if there were any sites like Virus Total where I could upload a line of php and get at least the family of malware that it belongs to. Each page it has added itself to obfuscated in a different way so there isn't a fixed fingerprint I can just google for, it would take something that could do some basic analysis on the code first. Anyone any ideas? Robin _______________________________________________ Pauldotcom mailing list Pauldotcom () mail securityweekly com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail securityweekly com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- [Security Weekly] identifying php based malware Robin Wood (Jul 25)
- Re: [Security Weekly] identifying php based malware Himanshu anand (Jul 25)
- Re: [Security Weekly] identifying php based malware Jim Halfpenny (Jul 25)