PaulDotCom mailing list archives
Re: [Security Weekly] identifying php based malware
From: Jim Halfpenny <jim.halfpenny () gmail com>
Date: Fri, 25 Jul 2014 14:22:36 +0100
Hi Robin,

You might want to try sending it to a company that specialises in website malware like Sucuri (https://sucuri.net/). I'm not certain if they can help but they either might give you a quick answer or be interested in the sample for their own research.

Jim

On 18 July 2014 13:18, Robin Wood <robin@digi.ninja> wrote:
> I've got a client whose website has just been hacked by what looks like an automated script which has dropped a single, very long, line of PHP at the start of every PHP file on the site. My guess is that a script got the FTP creds off a developer and used those to do the work but I'd like to know more.
>
> I'm not looking to deobfuscate the PHP, that is too much effort for this job, but I was wondering if there were any sites like Virus Total where I could upload a line of PHP and get at least the family of malware that it belongs to.
>
> Each page it has added itself to is obfuscated in a different way so there isn't a fixed fingerprint I can just google for, it would take something that could do some basic analysis on the code first.
>
> Anyone any ideas?
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail securityweekly com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
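A triage check for the pattern described in the thread (a single, very long line of PHP at the start of every PHP file), added here as an example and not code from any poster: since the line is obfuscated differently in each file, it keys on structure (first-line length) rather than a fixed fingerprint. The 500-byte threshold, the `<?` prefix test and all function names are assumptions, and the sample site is constructed with inert filler.

```python
import os
import tempfile

# Assumed threshold: the thread only says the injected line is "very long".
MIN_LINE_LEN = 500

def first_line_is_suspicious(path, min_len=MIN_LINE_LEN):
    """True if the file's first line opens a PHP tag and is abnormally long."""
    with open(path, "rb") as fh:
        first = fh.readline(1 << 20)  # read at most 1 MiB of the first line
    stripped = first.strip()
    # Assumption: the injected line starts with a PHP open tag ("<?" / "<?php").
    return stripped.startswith(b"<?") and len(stripped) >= min_len

def scan_tree(root, min_len=MIN_LINE_LEN):
    """Return sorted relative paths of .php files with a suspicious first line."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                full = os.path.join(dirpath, name)
                if first_line_is_suspicious(full, min_len):
                    hits.append(os.path.relpath(full, root))
    return sorted(hits)

def build_sample_site(root):
    """Constructed sample: one clean file, one with a long inert first line."""
    clean = b"<?php\necho 'hello';\n"
    # Inert filler standing in for the injected line; not real malware.
    injected = b"<?php $x='" + b"A" * 2000 + b"'; ?>\n" + clean
    os.makedirs(os.path.join(root, "inc"))
    with open(os.path.join(root, "index.php"), "wb") as fh:
        fh.write(injected)
    with open(os.path.join(root, "inc", "lib.php"), "wb") as fh:
        fh.write(clean)
    with open(os.path.join(root, "readme.txt"), "wb") as fh:
        fh.write(b"A" * 3000)  # long line, but not a .php file

def demo():
    """Build the constructed site in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Run against a copy of the site, the list of hits gives the scope of the injection and a set of files to compare against a known-good backup or version control.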
Current thread:
- [Security Weekly] identifying php based malware Robin Wood (Jul 25)
- Re: [Security Weekly] identifying php based malware Himanshu anand (Jul 25)
- Re: [Security Weekly] identifying php based malware Jim Halfpenny (Jul 25)