Obfuscating PHP Backdoors Using Legitimate Code Wrappers

PHP Backdoors Are Now Using The Legitimate Code Wrappers | Quttera blog

Introduction

Typically, backdoor malware is one of the initial stages of a cyber attack. Hackers find vulnerabilities on the site, upload arbitrary files (in this case a backdoor) to it, and then access them via a browser. This is what a plain old backdoor looks like:

[Image: source code of a plain PHP backdoor]

For more information about a Backdoor: FilesMan Backdoor Malware On Your Computer

Using Legitimate Code Wrappers To Avoid Detection By The Web Malware Scanners

The above-mentioned type of backdoor has identifiable signatures, which are distributed among security vendors and then used in traditional (signature-based) detection algorithms. To bypass this standard approach to malware protection, hackers are now obfuscating their code or using wrappers to hide it from malware scanners. Once obfuscated, the same backdoor malware code looks like this:

[Image: the same backdoor code after obfuscation]

Fopo is just one of many free online obfuscators available on the internet. These obfuscators were made to protect code from being stolen and to make it harder for other developers to debug. This time, however, it was used with malicious intent.
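
The following Python example is added here; it is not Quttera's detection logic and not code from the original post. It contrasts a literal signature match with structural heuristics for the wrapper pattern described above. The sample files, the `FilesMan` signature string, the regexes and the thresholds are constructed assumptions, and the wrapped sample is not real Fopo output.

```python
import base64
import math
import re
import zlib
from collections import Counter

# Constructed, harmless stand-in for a backdoor body; only the marker string matters.
BODY = '$default_action = "FilesMan"; echo "placeholder";'
PLAIN = "<?php " + BODY + " ?>"
BENIGN = '<?php $thumb = base64_decode($row["thumb"]); echo strlen($thumb); ?>'
SIGNATURES = ["FilesMan"]  # assumed literal signature, for illustration only

def wrap(body):
    """Constructed wrapper layer: eval(gzinflate(base64_decode("...")))."""
    raw = zlib.compress(body.encode())[2:-4]  # raw DEFLATE, as gzinflate() expects
    return '<?php eval(gzinflate(base64_decode("%s"))); ?>' % base64.b64encode(raw).decode()

DEC = r"(?:base64_decode|gzinflate|gzuncompress|gzdecode|str_rot13|strrev)"
EXEC_OF_DECODER = re.compile(r"\b(?:eval|assert)\s*\(\s*" + DEC + r"\s*\(", re.I)
DECODER_CHAIN = re.compile(DEC + r"\s*\(\s*" + DEC + r"\s*\(", re.I)
LONG_LITERAL = re.compile(r"""["']([A-Za-z0-9+/=]{40,})["']""")

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def signature_hit(src):
    return any(sig in src for sig in SIGNATURES)

def heuristic_findings(src):
    """Flag the wrapper's structure, not the payload it hides."""
    found = []
    if EXEC_OF_DECODER.search(src):
        found.append("decoded data passed to eval/assert")
    if DECODER_CHAIN.search(src):
        found.append("nested decoder calls")
    if any(entropy(m) > 4.0 for m in LONG_LITERAL.findall(src)):
        found.append("long high-entropy encoded literal")
    return found

def suspicious(src):
    return len(heuristic_findings(src)) >= 2  # one weak signal alone is common in benign code

if __name__ == "__main__":
    for name, src in [("plain", PLAIN), ("wrapped", wrap(BODY)), ("benign", BENIGN)]:
        print(name, "signature:", signature_hit(src), "heuristic:", heuristic_findings(src))
```

The signature catches only the plain file and the heuristics catch only the wrapped one, so the two checks complement each other rather than replace one another.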

Is your website flagged for malware, blocked by the search engines or disabled by the host?

Quttera's heuristic technology is capable of detecting this and other types of obfuscation. ThreatSign can pinpoint the infection on your site with accuracy. Our experts are here to clean up any malware from your sites and remove false positives, blacklisting and other kinds of alerts raised by any security vendor or search engine. Just select the appropriate ThreatSign! Anti-Malware plan and get back online.

For other issues and help: Quttera help-desk

© 2018 Quttera Ltd. All rights reserved.