29 Aug, 2017

Obfuscating PHP Backdoors Using Legitimate Code Wrappers

Learn how hackers use legitimate code wrappers to obfuscate backdoor malware and how Quttera can help you detect and remove such threats from your website.
Typically, backdoor malware is one of the initial stages of a cyber attack. Hackers find vulnerabilities on the site, upload arbitrary files (in this case a backdoor) to your site and then access them via a browser. This is what a plain old backdoor looks like:
For more information about a Backdoor: FilesMan Backdoor Malware On Your Computer
Using Legitimate Code Wrappers to Avoid Detection by The Web Malware Scanners
The above-mentioned type of backdoor has identifiable signatures, which are distributed among security vendors and then used in traditional (signature-based) detection algorithms. To bypass this standard approach to malware protection, hackers now obfuscate their code or use wrappers to hide it from malware scanners. Once obfuscated, the same backdoor malware code will look like this:
Fopo is just one of many free online obfuscators available on the internet. These obfuscators were made to protect code from being stolen and to make it harder for other developers to debug. In this case, however, it was used with malicious intent.
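The sketch below shows the kind of heuristic check that still fires on wrapper-style obfuscation when a fixed signature no longer matches. It is an added example, not Quttera's code or algorithm. The decoder list, the thresholds, the function names and all three sample strings are assumptions constructed for illustration; the encoded blob is inert hash output, not a payload.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Assumed list of decoder/unpacker functions commonly chained inside wrappers.
DECODERS = r"(?:base64_decode|gzinflate|gzuncompress|gzdecode|str_rot13|strrev)"
# eval/assert fed directly by one or more nested decoder calls.
EVAL_CHAIN = re.compile(
    r"\b(?:eval|assert)\s*\(\s*((?:" + DECODERS + r"\s*\(\s*)+)", re.I)
# Quoted literal of 200+ characters drawn from the base64 alphabet.
LONG_LITERAL = re.compile(r"([\"'])([A-Za-z0-9+/=]{200,})\1")


def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def scan_php(source, entropy_threshold=4.5):
    """Return (rule, detail) findings for one PHP source string."""
    findings = []
    for m in EVAL_CHAIN.finditer(source):
        findings.append(("eval-decoder-chain", "depth=%d" % m.group(1).count("(")))
    for m in LONG_LITERAL.finditer(source):
        # Long literals of repeated filler score low and are not reported.
        if shannon_entropy(m.group(2)) >= entropy_threshold:
            findings.append(("high-entropy-literal", "len=%d" % len(m.group(2))))
    return findings


# Constructed samples. The blob is base64 of hash output, not code.
INERT_BLOB = base64.b64encode(
    b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))).decode()
WRAPPED = '<?php eval(gzinflate(base64_decode(str_rot13("%s")))); ?>' % INERT_BLOB
BENIGN = "<?php $img = base64_decode($row['thumb']); echo strlen($img); ?>"
PADDED = '<?php $pad = "%s"; ?>' % ("A" * 300)

if __name__ == "__main__":
    for name, src in (("wrapped", WRAPPED), ("benign", BENIGN), ("padded", PADDED)):
        print(name, scan_php(src))
```

The benign sample calls `base64_decode` on its own and is not flagged; the rule keys on decoder output flowing into `eval`, which is what keeps ordinary application code out of the results.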
Is your website flagged for malware, blocked by the search engines or disabled by the host?
Quttera's heuristic technology is capable of detecting this and other types of obfuscation. ThreatSign can pinpoint the infection on your site with accuracy. Our experts are here to clean up any malware from your sites and remove false positives, blacklisting and other kinds of alerts raised by any security vendor or search engine.

Just select the appropriate ThreatSign! Anti-Malware plan and get back online. For other issues and help: Quttera help-desk