(To read more interesting discoveries, follow Brent Huston on Twitter.)
[blackbirdpie url=”http://twitter.com/#!/lbhuston/status/61498319142260737″]
[blackbirdpie url=”http://twitter.com/#!/lbhuston/status/61499509645127680″]
[blackbirdpie url=”http://twitter.com/#!/lbhuston/status/61499751950069760″]
[blackbirdpie url=”http://twitter.com/#!/lbhuston/status/61513076557615104″]
AV software is not a “deploy and forget” solution to detect malware. More surveillance is needed, such as checking the logs to see if there are any occurrences of strange activity. Too often, attackers can drop files in the PHP servers and AV software will rarely detect it.
As I said, the moral of the story is that if you’re depending upon an AV detection mechanism for compromised PHP servers, you’re mistaken. Protect your servers by analyzing your logs. And using our HoneyPoint Wasp would help greatly by giving you more visibility and alerts when malware has entered into your system.