We want to keep you up-to-date so we collected the Top 5 New Malware Signatures for you from the past two weeks! Don’t forget that you are able to create your own malware signature too! We experienced that this crowdsourcing method between severals thousands of servers works fantastic in our IP reputation system, so keep on making the internet a safer place together! Thanks to your contribution we already have more than 15 000 malware signatures in our database.
#5 PHP Backdoor Remote Code Executor
A simple remote code executor script that receives data via cookies and posts. It has an additional parameter to decide which function should be used: str_rot13, pack or strrev.
#4 PHP Backdoor WSO-Webshell
An obfuscated HTML file manager with base64 encoding, using eval to run decoded PHP code. According to VirusTotal, it runs by the name Tencent Heur: Trojan.Script.LS_Gencirc.7179453.0 .
#3 PHP Backdoor Eval Obfuscated Ultim4t3 H4x 0r Shell
An advanced webshell for malicious activities. It uses base64, url, htmlspecialchars encoding and forks a new process. Also matches to some Yara rules for both the source code and output.
#2 PHP Backdoor Eval Obfuscated Are You Ok 3
The malware downloads the source code to be executed from domainnamespace.top/lf.txt (188.8.131.52 – blacklisted by BitNinja), the script checks and updates itself from this file. The backdoor owner can manipulate the behavior by changing this file. At the time of the SA signature creation this source contains a complete hacker toolset. The access is password protected for the hacker.
#1 PHP Backdoor WSO Webshell
An obfuscated variant of the WSO Webshell. The script pretends to show a 403 or 404 error page.
If you haven’t tried BitNinja yet don’t forget to registerfor the 7-day free trial! No credit card needed!
For our subscribers we also provide valuable information about malwares and the most recent news from the cybersecurity world.