Re: php based exploit script



Hi,

 

We are using the trial of Anti-Exploit before we purchase the endpoint version for business, and we have noticed that certain PHP-based exploit scripts, which were used to infect our websites based on the WP and Joomla platforms, were not detected. We have tried copying the script manually onto different systems, but Anti-Exploit and Anti-Malware still don't detect it. I have forwarded the script to Mr. Ron of your support team to check further.

 

Also, we are running SmarterMail Server. Is it required to add mailservice.exe to the exclude list to avoid false positives on any inbound or outbound mail traffic? What is the best practice here to get optimum results?

 

If needed, let me know and I shall be happy to share the script or logs.

 

Thanks

Hemens


  • Staff

Hi Hemens and welcome to the forum.

 

The exploit script itself won't be detected statically (i.e. simply copying the script to the disk and/or scanning it manually). For Anti-Exploit to alert, there has to be a real exploit attempt. This means that when visiting a site with this script which triggers the exploit, MBAE will see the exploit attempt and block it.

 

But testing exploit scripts like this is very difficult. Some things to take into consideration:

- The victim machine needs to be vulnerable to the exploit that is being delivered. If it is up to date, the exploit won't trigger and Anti-Exploit won't alert (as there is no exploit).

- Many times these wp compromises load scripts from 3rd party servers. If the server is not available and it can't load the script, the exploit won't trigger.

- Exploit Kits check for certain conditions and will not trigger if they find them (same IP multiple times, visits from VMs, research tools like process explorer or fiddler installed, etc.)


Hi P,

 

Thanks for prompt response.

 

1) I have a scenario wherein a PHP-based website got infected with some exploit scripts; this further triggers multiple scenarios:

 

    a) Based on the exploit, it starts sending bulk outgoing mails using PHPMailer (this can be controlled by an antispam solution, or Malwarebytes can also help)

    b) Based on the exploit, when a user visits the hosted website / specific page, this exploit redirects to other malware sites etc., which can be detected

    c) Such scripts can be detected by Malwarebytes, as an antivirus does for virus scanning

 

Basically, I am looking forward to using Malwarebytes to scan script-based exploits, so will it help me?

 

Thanks

Hemens

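Added example, not code from Malwarebytes or from either poster: the staff reply says the injected PHP is not something Anti-Exploit detects by scanning the file, and Hemens' point (c) asks whether such scripts can be scanned "as an antivirus does". The script below is the kind of static triage a web host can run over a WordPress or Joomla document root itself. It greps PHP files for indicator patterns that match the symptoms in this thread (a decoder wrapped in eval(), command execution fed from request parameters, a redirect to an external host, mail() driven by request data) and returns a score. All four PHP samples are constructed for the example; the indicator list, weights and thresholds are assumptions, not a product signature set. The last sample is written to show the limitation behind the staff reply: a trivially rearranged shell dodges every regex, so file scanning is a triage aid, not a verdict.

```python
"""Static triage of PHP files for common injected-script indicators.

Added example (not Malwarebytes code). Heuristic only: a hit is a lead for a
human to read the file, not proof of compromise, and a miss proves nothing.
"""
import re
from pathlib import Path
from typing import Dict, List, Tuple

# Indicator name -> (regex, weight). Weights are an assumption for the example.
INDICATORS: Dict[str, Tuple[re.Pattern, int]] = {
    # eval() fed by a decoder: the classic obfuscated-dropper shape
    "eval_of_decoded_payload": (re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(", re.I), 5),
    # command execution driven straight from request parameters
    "shell_from_request": (re.compile(
        r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I), 5),
    # variable function name called with request input, e.g. $f($_POST['x'])
    "dynamic_call_with_request": (re.compile(
        r"\$\w+\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b"), 4),
    # redirect to an external host: the visitor-redirect symptom from the thread
    "external_redirect": (re.compile(
        r"\bheader\s*\(\s*['\"]Location:\s*https?://", re.I), 3),
    # long base64-looking literal: an embedded encoded payload
    "long_encoded_literal": (re.compile(
        r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"), 3),
    # mail() whose arguments come from the request: the bulk-mailer symptom
    "mail_from_request": (re.compile(
        r"\bmail\s*\([^;]*\$_(?:GET|POST|REQUEST)\b", re.I), 3),
}


def classify(score: int) -> str:
    """Map a summed weight to a triage bucket (thresholds are assumptions)."""
    if score >= 5:
        return "suspicious"
    if score > 0:
        return "review"
    return "clean"


def scan_php(source: str) -> Dict[str, object]:
    """Return matched indicator names, their summed weight and a triage bucket."""
    hits: List[str] = [name for name, (pat, _) in INDICATORS.items() if pat.search(source)]
    score = sum(INDICATORS[h][1] for h in hits)
    return {"hits": hits, "score": score, "verdict": classify(score)}


def scan_directory(root: str) -> Dict[str, Dict[str, object]]:
    """Scan every *.php file under root; return only files that scored."""
    results = {}
    for path in Path(root).rglob("*.php"):
        result = scan_php(path.read_text(errors="replace"))
        if result["score"]:
            results[str(path)] = result
    return results


# Constructed samples (not real malware) covering the symptoms in the thread.
BENIGN = """<?php
// ordinary plugin-style code
function show_greeting($name) {
    $name = sanitize_text_field($name);
    echo '<p>Hello, ' . esc_html($name) . '</p>';
}
add_action('init', 'show_greeting');
"""

INJECTED_REDIRECT = """<?php
// prepended to index.php: sends first-time visitors elsewhere
if (!isset($_COOKIE['seen'])) {
    setcookie('seen', '1', time() + 86400);
    header('Location: http://example.invalid/landing');
    exit;
}
"""

OBFUSCATED_DROPPER = """<?php
// decoder-wrapped payload; the literal is filler, not a real payload
eval(base64_decode('""" + "QUFB" * 80 + """'));
"""

EVASIVE_SHELL = """<?php
// same capability as shell_from_request, rearranged to dodge the regexes
$f = 'sys' . 'tem';
$c = $_GET['c'];
$f($c);
"""

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("redirect", INJECTED_REDIRECT),
                          ("dropper", OBFUSCATED_DROPPER), ("evasive", EVASIVE_SHELL)]:
        print(label, scan_php(sample))
```

Run scan_directory() against a copy of the document root rather than the live site, and treat "review" as a queue for a human to read the file in full. The evasive sample scores "clean" even though it is a working shell; that gap is exactly why the staff reply says the real signal is the exploit attempt at runtime, not the bytes on disk.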
