We want to keep you up-to-date, so we collected the Top 5 New Malware Signatures from the past two weeks for you! Don't forget that you can create your own malware signatures too! We have found that this crowdsourcing method across several thousand servers works fantastically in our IP reputation system, so keep on making the internet a safer place together! Thanks to your contributions, we already have more than 15 000 malware signatures in our database.
#5 PHP Backdoor Remote Code Executor
A simple remote code executor script that receives data via cookies and POST requests. An additional parameter decides which function is used: str_rot13, pack or strrev.
Source code:
#4 PHP Backdoor WSO-Webshell
An obfuscated HTML file manager with base64 encoding that uses eval to run the decoded PHP code. According to VirusTotal, it goes by the name Tencent Heur: Trojan.Script.LS_Gencirc.7179453.0.
An advanced webshell for malicious activities. It uses base64, URL and htmlspecialchars encoding and forks a new process. It also matches some YARA rules for both the source code and the output.
Source code:
#2 PHP Backdoor Eval Obfuscated Are You Ok 3
The malware downloads the source code to be executed from domainnamespace.top/lf.txt (198.204.244.186 - blacklisted by BitNinja). The script checks this file and updates itself from it, so the backdoor owner can change its behavior by changing the file. At the time the SA signature was created, this source contained a complete hacker toolset. Access is password protected for the hacker.
Source code:
#1 PHP Backdoor WSO Webshell
An obfuscated variant of the WSO Webshell. The script pretends to show a 403 or 404 error page.
Source code:
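The traits these entries describe (input taken from cookies and POST data, a decoder such as str_rot13, pack, strrev or base64, and eval of the decoded result, sometimes behind a fake 403 or 404 page) can be combined into a triage heuristic for files awaiting review. The Python below is an added example, not BitNinja's signatures and not the source code from this post; the patterns, the decision rule and the sample fragments are assumptions constructed for illustration.

```python
import re

# Traits drawn from the descriptions above. The patterns and the decision
# rule are assumptions made for this example, not BitNinja signatures.
TRAITS = {
    "request_input": re.compile(r"\$_(?:COOKIE|POST)\b"),
    "decoder": re.compile(r"\b(?:str_rot13|strrev|pack|base64_decode)\b", re.I),
    "eval": re.compile(r"\beval\s*\(", re.I),
    "fake_error": re.compile(r"\b40[34]\b"),
}
# Joins split string literals such as 'ba'.'se64_decode' before matching.
CONCAT = re.compile(r"""['"]\s*\.\s*['"]""")


def triage(php_source):
    """Return (traits found, needs_review) for the text of one PHP file."""
    text = CONCAT.sub("", php_source)
    found = {name for name, rx in TRAITS.items() if rx.search(text)}
    # eval alone appears in legacy code and a decoder alone in templates;
    # eval together with a decoder is what the entries above have in common.
    needs_review = {"eval", "decoder"} <= found
    return found, needs_review


# Constructed, non-functional fragments (not the samples from the post).
SAMPLES = {
    "selector.php": '<?php $m = $_COOKIE["m"]; $fn = "str"."rev"; eval($decoded);',
    "error_page.php": '<?php header("HTTP/1.0 404 Not Found"); eval($x); $y = base64_decode($z);',
    "template.php": '<?php echo strrev($_POST["name"]); ?>',
    "legacy.php": '<?php eval($cached_rule); ?>',
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        found, flag = triage(src)
        print(f"{name:15} review={flag!s:5} traits={sorted(found)}")
```

A hit only queues a file for manual review; an obfuscated variant can hide every one of these tokens, so a clean result is not a verdict.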
If you haven't tried BitNinja yet, don't forget to register for the 7-day free trial! No credit card needed!