I published the following diary on isc.sans.org: “Analysis of a Simple PHP Backdoor”.
With the huge attack surface provided by CMSs like Drupal or WordPress, webshells remain a classic attack scenario. A few months ago, I wrote a diary about the power of webshells. A few days ago, a friend of mine asked me for help with an incident he was investigating. A website was compromised (no magic – very bad admin password) and a backdoor was dropped. He sent a copy of the malicious file…