New malicious script found

Home Forums Support Forum New malicious script found

This topic contains 3 replies, has 2 voices, and was last updated by  Anti-Malware Admin 7 months, 4 weeks ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #2066

    New script which goes undetected.

    https://ufile.io/jdkqk (exp 30 days)

     

    #2067

    Anti-Malware Admin
    Key Master

    Thanks for the file. This was a new variation of an old threat so I fixed the definition to match this variant and released a new definition update.

    Please let me know if you find any more that I missed ;-)

    #2068

    https://ufile.io/u2dha (exp 30 days)

    I think this one is the backdoor that could not be found and was creating hear.php

    Some observations / suggestions -

    too many long strings are suspect — perhaps you can allow users to opt in to report some files directly to you via the scanner.
    files without any comments are suspect (true in case of hear.php)
    strings with multiple occurrences of strings like this on the same line — “].$”
    the AV should use a file scanner so any new/modified files can be directly reported to you if found suspect
    annual subscription allows instant updates (others will get it a week later) and daily background scanning

    Thank you for your product and service!

    #2076

    Anti-Malware Admin
    Key Master

    Thanks again. I have added this new file to the definition update. Thanks too for the suggestions, I am also working on improvements and appreciate any and all feedback.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

Comments are closed.