Extending ClamAV Signatures with RFXN Database for PHP Malware

extending clamav signatures

You can use third-party compiled malware and virus signature databases to extend ClamAV's signature collection and improve detection of PHP malware. RFXN (R-FX NETWORKS) database signatures are typically updated once per day, or more frequently depending on incoming threat data from the LMD checkout feature, IPS malware extraction and other sources. Installation Add the …

Buy Signature subscribers

Malware Signatures

ClamAV is an open-source anti-virus engine designed to detect viruses, Trojans, malware and other threats. It supports multiple file formats (documents, executables and archives), uses multi-threaded scanning and receives updates to its signature database 3-4 times a day. Additionally, we update our own database, so users get improved results. Benefits of using …

Disable Theme and Plugin Editors from WordPress

Security

This is a big problem if a customer uses a very weak password with a default username such as admin or administrator. Even if you don't use a default username, it can be obtained very easily. Get WordPress username https://wordpress.site/?author=1 This redirects to the author page of the corresponding username, so the correct username (which is probably the admin user) can be read easily. If …

Website backdoors with $variable functions

Tutorial

When a website is compromised, attackers frequently leave behind a backdoor: PHP code in a new file, or PHP code injected into a file that already exists on the server. These backdoors are not designed to attack a website or destroy data. Typically they allow an attacker to re-enter a targeted website with little …

WordPress Hidden Include

Malware details

Today we found undetected malware which keeps itself hidden and tries to load again if it is deleted. We generated signatures to detect these hidden includes:
/index.php: {HEX}Malware.Expert.wordpress.hidden.include.0.UNOFFICIAL FOUND
/wp-load.php: {HEX}Malware.Expert.wordpress.hidden.include.1.UNOFFICIAL FOUND
/wp-includes/template.php: {HEX}Malware.Expert.malware.url.7od.info.0.UNOFFICIAL FOUND
/wp-includes/Requests/IPconfig.ini: {HEX}Malware.Expert.generic.malware.39.UNOFFICIAL FOUND
/wp-includes/js/utilities.js: {HEX}Malware.Expert.generic.malware.39.UNOFFICIAL FOUND
WordPress index.php wp-load.php End of file: template.php IPconfig.ini Remove file utilities.js Remove file Final Words Use …

xo.php

Malware details

This malware tries to write another piece of malware to the server, using the old cherry-plugin import/export file upload vulnerability. Here is the source code of the malware: Source of xo.php Details $uri is the infected server's address. $url is the base64-encoded address of the remote server from which it tries to download more malware and expose the server to remote access: http://fastwealthformula.online/callback/shell Remote file Final Words Use Malware …

Decode.Tools – Decode PHP Obfuscator by FOPO

Decode.tools

Decode.tools is a website that provides free online decoding tools that can help you identify malicious PHP code hiding behind obfuscation (e.g. FOPO). The tools at decode.tools can decode almost any tough PHP code or program into a simple and understandable form that can be easily analyzed to see whether it is malicious or not. …

WordPress hidden cookie (wp_cookie)

Malware details

We found a very old and hidden WordPress cookie named wp_cookie. This allows an attacker to run anything on the compromised user's website with the user's permissions. wp_cookie This is a very clever attack method that allows arbitrary commands to run on a server while bypassing any server security software, just like normal PHP code. Also, …