Signature update from new infections

This commit is contained in:
Gabor Gyorvari
2020-10-01 11:26:02 +02:00
parent c495cc822c
commit 2b1a0c1266
3 changed files with 17 additions and 4 deletions

View File

@@ -40,6 +40,9 @@ Googlebot['"]{0,1}\s*\)\){echo\s+file_get_contents
#execute base64 code
eVaL\(\s*trim\(\s*baSe64_deCoDe\(
# execute escaped code
exec\("(\\[0-9a-fx]{2,3}){3,}
#
if\s*\(\s*mail\s*\(\s*\$mails\[\$i\]\s*,\s*\$tema\s*,\s*base64_encode\s*\(\s*\$text
@@ -110,4 +113,7 @@ function\s+_[0-9]{8,}\(
@include ".*?(\\x[0-9a-f]{2,}.*?){2,}.*?";
# create_function is dangerous as like eval() see http://php.net/manual/en/function.create-function.php
create_function\s*\(\s*['"]{2}
create_function\s*\(\s*['"]{2}
# control concated from cookie at the call
(\$[a-z]{2,}=urldecode\(\$_COOKIE\['[a-z]{2,}'\]\);){3,}