![]() ![]() ![]() To make things even more confusing and infections harder to detect, the attackers don't place this text in the server's root or the vulnerable plugin's folder, but in a theme's directory. In this file, IBM has found obfuscated PHP source code. In its initial infection stage, the actual webshell's code is uploaded to servers in the form of a text file called pagat.txt. IBM says that attackers are leveraging vulnerabilities in unpatched WordPress plugins to infect websites with the C99 webshell. If you find pagat.txt on your server, you're probably compromised ![]() They can be coded in various languages, from PHP to ASP.NET, and from JavaScript to Ruby, and despite their separate technical term of webshell, they're nothing more than backdoors, giving attackers control over servers. Webshells are files uploaded to a Web server to which attackers make requests or use a special GUI to pass on dangerous commands to the underlying server. A surge in attacks using the PHP-based C99 webshell has forced IBM's Managed Security Services (MSS) team to issue an alert regarding this dangerous threat.Īccording to security researchers keeping an eye on malicious traffic, during the last two months, traffic that resembles the one seen from the C99 webshell has spiked, with 404 different incidents in February and another 588 in March.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |