IBM Security has warned WordPress website administrators about a sharp increase in the number of attacks leveraging a variant of a PHP webshell called C99. IBM reported spotting nearly 1,000 attacks in February and March, which represents a 45 percent increase compared to the previous period.

The attack starts with a file named pagat.txt, which contains an obfuscated PHP script, being uploaded to the targeted website. By obfuscating the script, cybercriminals hope to increase its chances of evading detection and bypassing Web application firewalls. Once the script is decoded and executed on the victim’s server, an email is sent to the attacker, informing them that the target has been compromised. The attacker can then access the webshell from a browser and start executing shell commands on the server. The webshell also allows malicious actors to upload files that can be used to perform various actions.

The C99 variant used in these attacks is currently detected by 37 security products based on its signature. However, only 9 of 68 security products on VirusTotal detected the script as being malicious. A Google search shows that the pagat.txt file is currently present on hundreds of websites.

According to IBM Security, the variant of the C99 webshell leveraged in these attacks has also been used by Hmei7, an Indonesian hacker whose Zone-H account shows that he has defaced more than 150,000 websites from all across the world.
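Because the uploaded file carries PHP inside a .txt name and few signature engines catch the obfuscated form, a content check of the web root is a useful complement. The sketch below is an added example, not code from IBM or from the article; the regex heuristics, the extension list and the `wp-content/uploads` layout of the constructed sample tree are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristics (not from the IBM report): a PHP open tag, plus common
# decode-and-execute constructs seen in obfuscated PHP.
PHP_TAG = re.compile(rb"<\?(php|=)", re.I)
OBFUSCATION = re.compile(
    rb"\b(eval|assert|preg_replace|create_function)\s*\(.{0,200}?"
    rb"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
    re.I | re.S,
)
NON_CODE_EXT = {".txt", ".jpg", ".png", ".gif", ".ico", ".css"}  # should never hold PHP

def scan_webroot(root, max_bytes=2_000_000):
    """Return (relative_path, reason) for non-code files that contain PHP."""
    root, findings = Path(root), []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in NON_CODE_EXT:
            continue
        with path.open("rb") as fh:
            data = fh.read(max_bytes)
        if not PHP_TAG.search(data):
            continue
        obfuscated = OBFUSCATION.search(data) is not None
        reason = ("obfuscated-" if obfuscated else "") + "php-in-non-code-file"
        findings.append((path.relative_to(root).as_posix(), reason))
    return findings

def build_sample_tree(root):
    """Constructed sample files; the encoded payload is an inert placeholder."""
    uploads = Path(root) / "wp-content" / "uploads"
    uploads.mkdir(parents=True)
    (Path(root) / "readme.txt").write_text("Plain text, no code here.\n")
    (uploads / "pagat.txt").write_text(
        "<?php eval(gzinflate(base64_decode('CONSTRUCTED_PLACEHOLDER'))); ?>\n")
    (uploads / "notes.txt").write_text("<?php echo 'hello'; ?>\n")
    (Path(root) / "index.php").write_text("<?php require 'wp-blog-header.php';\n")

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_webroot(tmp)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}\t{rel}")
```

Any hit is a lead for manual review rather than a verdict, and a clean result does not rule out a webshell stored under a `.php` name or obfuscated with constructs outside these patterns.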