Backdoor Tool Kit – Today’s Scary Web Malware Reality

July 25, 2012 by 10 Comments

We often talk about the importance of keeping your server clean. You can see it in a number of our articles and presentations, this post will likely drive that point home.

This past week we came across a nice little package that we felt compelled to share with you. In it, the attacker makes use of a number of tools designed to help them infiltrate your environment. What’s likely most annoying about this kit is that it’s loaded into your environment, and uses your own resources to help hack you. That’s like being punched in the gut and slapped at the same time, not cool.

Read More

Filed Under: awareness, backdoors, hacked, Malware, mysql, Passwords, research, security, sucuri Tagged With: , , , , , ,

Pharma Hack Backdoor Analyzed – PHP5.PHP

July 23, 2012 by 17 Comments

Some of you might remember my last Pharma hack post, Intelligent (Pharma) SPAM Decoded, today I will spend some time looking a different variant of the same infection type but focus on a payload that is not encoded or embedded within an existing file, instead it resides in its own file – PHP5.php.

“Hmm, maybe it’s a good / system file, it does have PHP in it, I won’t bother looking at it…”

If you have ever come across this file and find yourself thinking this, we highly encourage you not to and take a minute to see if any of its components resemble what we’re about to share.

Dissecting the Payload


Read More

Filed Under: awareness, backdoors, Malware, pharma, php, research, Spam, sucuri Tagged With: , , , , , ,

Varying Degrees of Malware Injections Decoded

March 30, 2012 by 2 Comments

It is no longer the day of human-readable injections, or even the use of basic encoding schemes like base64. Instead we’re seeing a rise in complex, and in some instances, elusive encoding schemes that carry with them a big punch.

There are varying degrees of malware injections that include some of the following traits:

  • Encoding (pretty basic)
  • Encryption & Encoding (a bit more exciting and challenging)
  • Concatenation & Encryption & Encoding ( gets our hearts pumping a bit faster)
  • Cameleon integration (flows with existing code and difficult to detect)

In this post we’ll look at an instance where the malware leverages a combination of encoding, concatenation and cameleon traits to impact the end-user.

Read More

Filed Under: sucuri

Intelligent (Pharma) Spam Decoded

March 22, 2012 by 4 Comments

We are seeing a rise in the use of intelligent SPAM – a.k.a Pharma Hack – across a number of platforms. We recently found a nice injection that made us salivate, we figured you’d be just as interested

It is of no surprise to us that attackers are always looking for ways to trick us and more importantly our users. This gem of a find was no different.

SPAM = “Stupid, Pointless Annoying Message”.

SPAM, in the form of unsolicited e-mail messages, is a problem that we face every day.  Imagine sending a client a link to a newly released product, they get to the page, and BAM they’re greeted with advertisements for pharmaceutical products (Viagra / Cialis / Male Enhancers). What do you think the impact would be?
Read More

Filed Under: Malware, malware_updates, pharma, Spam Tagged With: , , , ,