Today we found new encoded Thumbs.php malware, which tries to hide its PHP code by making it unreadable. This technique is nothing new, so it is very easy to de-obfuscate the PHP code and make it readable again.
After we manually decoded this PHP malware, we again found the FilesMan backdoor, which is a PHP command shell.
Decoded Thumbs.php
FilesMan – WSO 2.5
Final words
Use Malware Expert – Signatures to detect this malware in files for FREE!
Websites that use Malware Expert – ModSecurity rules are protected against this kind of attack.