Update 'malware3.pl'
This commit is contained in:
Malin
parent
eccd2bcedd
commit
6bbac5781a
@ -295,7 +295,7 @@ my @regexen = (
|
|||||||
qr/\#\#\#\#\#\#\#\#GET\#\#\#\#\#\#\#\s+RewriteEngine\s+on\s+RewriteRule\s+\\\.\(jpg\|png\|gif\|jpeg\|bmp\)\$\s+\-\s+\[L\]\s+RewriteCond\s+\%\{HTTP\_USER\_AGENT\}\s+acs\s+\[NC\,OR\].+?RewriteRule\s+\^\(\.\*\)\$\s+http\:\/\/.+?\s+\[L\,R\=302\]/is,
|
qr/\#\#\#\#\#\#\#\#GET\#\#\#\#\#\#\#\s+RewriteEngine\s+on\s+RewriteRule\s+\\\.\(jpg\|png\|gif\|jpeg\|bmp\)\$\s+\-\s+\[L\]\s+RewriteCond\s+\%\{HTTP\_USER\_AGENT\}\s+acs\s+\[NC\,OR\].+?RewriteRule\s+\^\(\.\*\)\$\s+http\:\/\/.+?\s+\[L\,R\=302\]/is,
|
||||||
qr/<\?php\s+\$cookey\s+\=.+?\;\s+preg\_replace\(.+?\)\;\s+\?>/is,
|
qr/<\?php\s+\$cookey\s+\=.+?\;\s+preg\_replace\(.+?\)\;\s+\?>/is,
|
||||||
qr/<\?php\s+\$([A-z0-9]{1,10})\s+\=\s+\"([A-z0-9]{1,10})\_([A-z0-9]{1,10})\"\;\s+\$([A-z0-9]{1,10})\=strtolower\s+\(\$.+?\;if\(isset\(\$\{\s+\$([A-z0-9]{1,10})\s+\}\[\s+\'([A-z0-9]{1,10})\'\]\)\)\s+\{eval\(\s+\$([A-z0-9]{1,10})\s+\(\s+\$\{\s+\$([A-z0-9]{1,10})\}\s+\[\s+\'([A-z0-9]{1,10})\'\s+\]\)\s+\)\;\}\?>/is,
|
qr/<\?php\s+\$([A-z0-9]{1,10})\s+\=\s+\"([A-z0-9]{1,10})\_([A-z0-9]{1,10})\"\;\s+\$([A-z0-9]{1,10})\=strtolower\s+\(\$.+?\;if\(isset\(\$\{\s+\$([A-z0-9]{1,10})\s+\}\[\s+\'([A-z0-9]{1,10})\'\]\)\)\s+\{eval\(\s+\$([A-z0-9]{1,10})\s+\(\s+\$\{\s+\$([A-z0-9]{1,10})\}\s+\[\s+\'([A-z0-9]{1,10})\'\s+\]\)\s+\)\;\}\?>/is,
|
||||||
qr/<\?php\s+\$ver\s+\=\s+\'abcdefghijklmnopqrstuvwxyz\'\;\s+\$check\s+\=.+?\(\$check\(array\(.+?\}\s+\?><form\s+\action\=\"\"\s+\method\=\"post\"><input\s+\type\=\"text\"\s+\name\=\"g\_\_g\_\"\s+\value\=\"\"\/><input\s+\type\=\"submit\"\s+\value\=\"\&\;\"\/><\/form>/is,
|
qr/<\?php\s+\$ver\s+\=\s+\'abcdefghijklmnopqrstuvwxyz\'\;\s+\$check\s+\=.+?\(\$check\(array\(.+?\}\s+\?><form\s+action\=\"\"\s+method\=\"post\"><input\s+type\=\"text\"\s+name\=\"g\_\_g\_\"\s+value\=\"\"\/><input\s+type\=\"submit\"\s+value\=\"\&\;\"\/><\/form>/is,
|
||||||
qr/<\?php\s+\$([A-z0-9]{1,10})\s+\=\s+\"([A-z0-9]{1,10})\_([A-z0-9]{1,10})\"\s+\;\s+\$([A-z0-9]{1,10})\=\s+strtolower\s+\(\s+\$.+?\=strtoupper\s+\(\$.+?\]\)\s+\)\{eval\s+\(\$([A-z0-9]{1,10})\(\$\{\s+\$([A-z0-9]{1,10})\s+\}\s+\[\'([A-z0-9]{1,10})\'\]\)\)\s+\;\}\?>/is,
|
qr/<\?php\s+\$([A-z0-9]{1,10})\s+\=\s+\"([A-z0-9]{1,10})\_([A-z0-9]{1,10})\"\s+\;\s+\$([A-z0-9]{1,10})\=\s+strtolower\s+\(\s+\$.+?\=strtoupper\s+\(\$.+?\]\)\s+\)\{eval\s+\(\$([A-z0-9]{1,10})\(\$\{\s+\$([A-z0-9]{1,10})\s+\}\s+\[\'([A-z0-9]{1,10})\'\]\)\)\s+\;\}\?>/is,
|
||||||
qr/<\?php\s+\$([A-z0-9]{1,10})\s+\=.+?\$([A-z0-9]{1,10})\=\s+strtolower.+?if\s+\(\s+isset\s+\(\s+\$\{\$([A-z0-9]{1,10})\s+\}\s+\[\'([A-z0-9]{1,10})\'\s+\]\)\s+\)\{eval\s+\(\$([A-z0-9]{1,10})\(\$\{\s+\$([A-z0-9]{1,10})\s+\}\s+\[\'([A-z0-9]{1,10})\'\]\)\)\s+\;\}\?>/is,
|
qr/<\?php\s+\$([A-z0-9]{1,10})\s+\=.+?\$([A-z0-9]{1,10})\=\s+strtolower.+?if\s+\(\s+isset\s+\(\s+\$\{\$([A-z0-9]{1,10})\s+\}\s+\[\'([A-z0-9]{1,10})\'\s+\]\)\s+\)\{eval\s+\(\$([A-z0-9]{1,10})\(\$\{\s+\$([A-z0-9]{1,10})\s+\}\s+\[\'([A-z0-9]{1,10})\'\]\)\)\s+\;\}\?>/is,
|
||||||
qr/<\?php\s+\$([A-z0-9]{1,10})\s+\=\"([A-z0-9]{1,10})\_([A-z0-9]{1,10})\".+?if\s+\(\s+isset\s+\(\s+\$\{\$([A-z0-9]{1,10})\}\[\'([A-z0-9]{1,10})\'\s+\]\)\)\s+\{eval\(\s+\$\{\s+\$([A-z0-9]{1,10})\s+\}\s+\[\'([A-z0-9]{1,10})\'\s+\]\s+\)\s+\;\}\?>/is,
|
qr/<\?php\s+\$([A-z0-9]{1,10})\s+\=\"([A-z0-9]{1,10})\_([A-z0-9]{1,10})\".+?if\s+\(\s+isset\s+\(\s+\$\{\$([A-z0-9]{1,10})\}\[\'([A-z0-9]{1,10})\'\s+\]\)\)\s+\{eval\(\s+\$\{\s+\$([A-z0-9]{1,10})\s+\}\s+\[\'([A-z0-9]{1,10})\'\s+\]\s+\)\s+\;\}\?>/is,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user