#43 gzinflate str_rot13 base64_decode

main
closed
unSpawn
None
5
2014-04-18
2014-02-04
Marcian
No

rkhunter 1.40 does not detect simple php.bots/rootkit starting <?php eval(gzinflate(str_rot13(base64_decode('

what to do? I have full, working sample from the wild..

Discussion

  • unSpawn

    unSpawn - 2014-02-15
    • assigned_to: unSpawn
     
  • unSpawn

    unSpawn - 2014-02-15

    I would recommend using LMD's (Linux Malware Detect) ClamAV signatures.

     
  • unSpawn

    unSpawn - 2014-04-18
    • status: open --> closed
     

Log in to post a comment.