Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Didier Stevens
Threat Level:
green
Date
Author
Title
PHP TROJAN
2010-05-23
Manuel Humberto Santander Pelaez
e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
PHP
2024-11-06/a>
Jesse La Grew
[Guest Diary] Insights from August Web Traffic Surge
2024-03-29/a>
Xavier Mertens
Quick Forensics Analysis of Apache logs
2023-09-23/a>
Guy Bruneau
Scanning for Laravel - a PHP Framework for Web Artisants
2022-09-07/a>
Johannes Ullrich
PHP Deserialization Exploit attempt
2022-02-02/a>
Johannes Ullrich
Finding elFinder: Who is looking for your files?
2021-11-30/a>
Johannes Ullrich
Hunting for PHPUnit Installed via Composer
2020-06-05/a>
Remco Verhoef
Not so FastCGI!
2019-07-18/a>
Xavier Mertens
Malicious PHP Script Back on Stage?
2019-04-04/a>
Xavier Mertens
New Waves of Scans Detected by an Old Rule
2018-11-16/a>
Xavier Mertens
Basic Obfuscation With Permissive Languages
2018-07-11/a>
Remco Verhoef
Well, Hello Again Peppa!
2018-07-02/a>
Guy Bruneau
Hello Peppa! - PHP Scans
2018-06-13/a>
Xavier Mertens
A Bunch of Compromized Wordpress Sites
2018-05-06/a>
Guy Bruneau
Scans Attempting to use PowerShell to Download PHP Script
2017-09-14/a>
Xavier Mertens
Another webshell, another backdoor!
2017-08-07/a>
Xavier Mertens
Increase of phpMyAdmin scans
2017-02-28/a>
Xavier Mertens
Analysis of a Simple PHP Backdoor
2016-12-26/a>
Russ McRee
Critical security update: PHPMailer 5.2.20 (CVE-2016-10045)
2016-07-13/a>
Xavier Mertens
Drupal: Patch released today to fix a highly critical RCE in contributed modules
2015-07-12/a>
Guy Bruneau
PHP 5.x Security Updates
2014-09-19/a>
Guy Bruneau
PHP Fixes Several Bugs in Version 5.4 and 5.5
2014-08-22/a>
Richard Porter
PHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32
2014-08-22/a>
Richard Porter
PHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16
2014-08-16/a>
Lenny Zeltser
Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-04-04/a>
Stephen Hall
PHP 5.4.27 released
2014-03-27/a>
Alex Stanford
Mass XSSodus in PHP
2013-10-25/a>
Johannes Ullrich
PHP.net compromise aftermath: Why Code Signing Beats Hashes
2013-10-24/a>
Johannes Ullrich
False Positive: php.net Malware Alert
2013-09-19/a>
Bojan Zdrnja
Arrays in requests, PHP and DedeCMS
2013-08-11/a>
Bojan Zdrnja
XATattacks (attacks on xat.com)
2013-08-04/a>
Johannes Ullrich
BBCode tag "[php]" used to inject php code
2013-06-07/a>
Daniel Wesemann
PHP patches - see http://www.php.net/ChangeLog-5.php - fixes CVE2013-2110
2013-02-22/a>
Chris Mohan
PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-01-17/a>
Russ McRee
PHP 5.4.11 and PHP 5.3.21 released
2012-09-19/a>
Russ McRee
Script kiddie scavenging with Shellbot.S
2012-06-14/a>
Johannes Ullrich
PHP 5.4.4 and 5.3.14 released with fixes for DES crypt issue and phar heap overflow
2012-05-08/a>
Kevin Liston
PHP 5.4.3 and PHP 5.3.13 Released
2012-04-05/a>
Johannes Ullrich
Evil hides everywhere: Web Application Exploits in Headers
2012-03-07/a>
Johannes Ullrich
What happened to RFI attacks?
2012-02-07/a>
Johannes Ullrich
Secure E-Mail Access
2012-02-03/a>
Johannes Ullrich
Critical PHP bug patched
2012-02-03/a>
Guy Bruneau
PHP 5.3.10 Released, Fixes CVE-2012-0830 available for download http://www.php.net/archive/2012.php#id2012-02-02-1
2012-01-16/a>
Kevin Shortt
php 5.3.9 released -Jan-10-2011
2012-01-12/a>
Rob VandenBrink
PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-08-22/a>
Jim Clausing
DO NOT upgrade to PHP 5.3.7, significant bug in crypt() function, see http://www.php.net/
2011-08-18/a>
Rob VandenBrink
PHP 5.37 release. Some security updates, plus lots of bug fixes ==> http://www.php.net/archive/2011.php#id2011-08-18-1
2010-08-31/a>
Bojan Zdrnja
Interesting PHP injection
2010-08-10/a>
Daniel Wesemann
SSH - new brute force tool?
2010-07-04/a>
Manuel Humberto Santander Pelaez
Interesting analysis of the PHP SplObjectStorage Vulnerability
2010-06-14/a>
Manuel Humberto Santander Pelaez
Another way to get protection for application-level attacks
2010-05-23/a>
Manuel Humberto Santander Pelaez
e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-02-27/a>
Guy Bruneau
PHP 5.2.13 Security Update
2010-01-29/a>
Johannes Ullrich
Analyzing isc.sans.org weblogs, part 2, RFI attacks
2009-12-28/a>
Johannes Ullrich
8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
2009-11-20/a>
Mark Hofman
PHP 5.3.1 is released. With many of the websites on the net relying on PHP and the number of attacks we see, consider upgrading. This release has over 100 bug fixes, some of which are security related.
2009-08-01/a>
Deborah Hale
Website Warnings
2009-06-26/a>
Mark Hofman
PHPMYADMIN scans
2009-06-24/a>
Kyle Haugsness
Exploit tools are publicly available for phpMyAdmin
2009-06-21/a>
Scott Fendley
phpMyAdmin Scans
2009-04-07/a>
Johannes Ullrich
Common Apache Misconception
2009-02-03/a>
Swa Frantzen
On the importance of patching fast
2008-12-10/a>
Stephen Hall
PHP Group has released PHP version 5.2.8
2008-09-09/a>
Swa Frantzen
wordpress upgrade
2008-08-19/a>
Johannes Ullrich
A morning stroll through my web logs
2008-05-05/a>
John Bambenek
PHP 5.2.6 out w/ security updates
2006-12-24/a>
Swa Frantzen
phpBB 2.0.22 - upgrade time
2006-11-29/a>
Toby Kohlenberg
New Vulnerability Announcement and patches from Apple
2006-09-13/a>
Swa Frantzen
PHP - shared hosters, take note.
TROJAN
2023-06-24/a>
Guy Bruneau
Email Spam with Attachment Modiloader
2022-11-05/a>
Guy Bruneau
Windows Malware with VHD Extension
2022-10-15/a>
Guy Bruneau
Malware - Covid Vaccination Supplier Declaration
2021-07-24/a>
Xavier Mertens
Agent.Tesla Dropped via a .daa Image and Talking to Telegram
2021-01-04/a>
Jan Kopriva
From a small BAT file to Mass Logger infostealer
2020-11-19/a>
Xavier Mertens
PowerShell Dropper Delivering Formbook
2020-09-04/a>
Jan Kopriva
A blast from the past - XXEncoded VB6.0 Trojan
2020-08-14/a>
Jan Kopriva
Definition of 'overkill' - using 130 MB executable to hide 24 kB malware
2020-07-11/a>
Guy Bruneau
Scanning Home Internet Facing Devices to Exploit
2020-03-11/a>
Xavier Mertens
Agent Tesla Delivered via Fake Canon EOS Notification on Free OwnCloud Account
2019-09-19/a>
Xavier Mertens
Agent Tesla Trojan Abusing Corporate Email Accounts
2019-07-18/a>
Xavier Mertens
Malicious PHP Script Back on Stage?
2019-06-25/a>
Brad Duncan
Rig Exploit Kit sends Pitou.B Trojan
2018-11-15/a>
Brad Duncan
Emotet infection with IcedID banking Trojan
2018-10-10/a>
Xavier Mertens
New Campaign Using Old Equation Editor Vulnerability
2018-09-13/a>
Xavier Mertens
Malware Delivered Through MHT Files
2017-08-15/a>
Brad Duncan
Malspam pushing Trickbot banking Trojan
2013-12-07/a>
Guy Bruneau
Suspected Active Rovnix Botnet Controller
2013-10-26/a>
Guy Bruneau
Active Perl/Shellbot Trojan
2013-10-25/a>
Rob VandenBrink
Kaspersky flags TCPIP.SYS as Malware
2013-05-04/a>
Kevin Shortt
The Zero-Day Pendulum Swings
2012-07-05/a>
Adrien de Beaupre
New OS X trojan backdoor MaControl variant reported
2012-04-14/a>
Rick Wanner
Flashback Trojan Removal Tool Released
2011-08-05/a>
donald smith
New Mac Trojan: BASH/QHost.WB
2011-05-21/a>
Daniel Wesemann
Weekend reading
2010-12-31/a>
Bojan Zdrnja
Android malware enters 2011
2010-08-22/a>
Rick Wanner
Failure of controls...Spanair crash caused by a Trojan
2010-07-03/a>
Deborah Hale
Delivery Status Failure Notice That Packed A Wallop
2010-06-13/a>
Rick Wanner
UnRealCD compromised by Trojan
2010-05-23/a>
Manuel Humberto Santander Pelaez
e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-03-17/a>
Deborah Hale
Trojan outbreak on a College Campus
2009-11-03/a>
Bojan Zdrnja
Opachki, from (and to) Russia with love
2009-10-05/a>
Adrien de Beaupre
Cyber Security Awareness Month - Day 5 port 31337
2009-07-01/a>
Bojan Zdrnja
Mobile phone trojans
2009-03-16/a>
Johannes Ullrich
new rogue-DHCP server malware
2009-02-06/a>
Adrien de Beaupre
Fake stimulus payments
2009-01-24/a>
Pedro Bueno
Identifying and Removing the iWork09 Trojan
2009-01-07/a>
Bojan Zdrnja
An Israeli patriot program or a trojan
2008-11-16/a>
Maarten Van Horenbeeck
Detection of Trojan control channels
2008-09-16/a>
donald smith
Don't open that invoice.zip file its not from UPS
2008-06-25/a>
Deborah Hale
Report of Coreflood.dr Infection
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Learn
about the Internet Storm Center
and our
volunteer InfoSec handlers