Today we found Java-based malware. If an attacker finds a file upload vulnerability on the server, they then upload the PHP-based malware manual.php, which tries to load load_all.jar onto the server and run it in the background.
Manual.php
$out = shell_exec("java -version 2>&1");
preg_match("/version\s+\"1\.(\d+)\./", $out, $matches);
$ver = 0;
if ($matches) $ver = (int)$matches[1];
This manual.php uses the shell_exec function a lot, but if you have […]
Tag Archives | bash
proc.php
Again we found new malware that tries to use the PHP shell_exec function to download and include more malware on the server. POST Payload This looks like a Joomla file upload vulnerability: The payload tries to upload the proc.php file to the server and execute it: proc.php p.sh It tries to download the p.sh bash script and execute it. When it is executed, it removes itself […]
Bash Vulnerability
Bash Vulnerability is a family of security bugs in the widely used Unix Bash shell. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer […]