file that was not identified as a malware
Hi Eli,
Thank you for your great job that saved many lives.
I found malware (multiple sites, multiple directories) that was not identified as malware although it really is.
Usually its filename is ‘server.php’ or ‘cund.php’, and it is hidden somewhere deep in any of the plugins.
The file is usually created by another known malware (from threat files that are recognized and quarantined properly) as a child at the time of its activation.
Or is it known, but sometimes skipped due to server-related issues?
The code is here: https://pastebin.com/yGVpsnPN I see some more similar files under other filenames and even similar code in some known threats (identified as malware), so this is probably something you will recognize. It seems that many such files have the same origin and come from the same known issue, and this should help: https://pastebin.com/LmyvtRTa
In the pastebin there are two lists of files that were created and edited by the malware (mostly edits, I suppose). By the way, the WP version is something between 4.7 and 4.8.4 (I couldn’t note it due to the updates).
Thank you.