You can take a look at the files I've collected (including deobfuscated code) over at my malware analysis site.
One thing that stands out to me in some of the malware is that it intentionally avoids being cached by search engines, using the following code:
if(!empty($_SERVER['HTTP_USER_AGENT'])) {
    $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
    if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
        header('HTTP/1.0 404 Not Found');
        exit;
    }
}
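This check leaves a trace in web server access logs: the same path answers 404 to crawlers and 200 to everyone else. The following is an added example, not code from the original post or from the malware, that flags such paths; it assumes Apache/nginx "combined" log format, and the function name, sample log lines, IP addresses and paths are constructed for illustration.

```python
import re
from collections import defaultdict

# Crawler names copied from the malware snippet above.
CRAWLERS = re.compile(r"Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler", re.I)
# Assumption: logs are in Apache/nginx "combined" format.
LINE = re.compile(
    r'\S+ \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"'
)

def find_cloaked_paths(log_lines):
    """Return paths that give 404 to every crawler hit but 2xx to another client."""
    seen = defaultdict(lambda: {"crawler": set(), "other": set()})
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group(1).split("?")[0]  # group requests regardless of query string
        status, agent = int(m.group(2)), m.group(3)
        kind = "crawler" if CRAWLERS.search(agent) else "other"
        seen[path][kind].add(status)
    return sorted(
        path for path, s in seen.items()
        if s["crawler"] == {404} and any(200 <= c < 300 for c in s["other"])
    )

# Constructed sample data (documentation IP ranges, made-up paths).
_TS = "[10/Oct/2023:13:55:36 +0000]"
_BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
_GOOGLE = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
_YANDEX = "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"
SAMPLE_LOG = [
    f'203.0.113.5 - - {_TS} "GET /uploads/cache.php?x=1 HTTP/1.1" 200 512 "-" "{_BROWSER}"',
    f'198.51.100.7 - - {_TS} "GET /uploads/cache.php HTTP/1.1" 404 0 "-" "{_GOOGLE}"',
    f'198.51.100.9 - - {_TS} "GET /uploads/cache.php HTTP/1.1" 404 0 "-" "{_YANDEX}"',
    f'203.0.113.5 - - {_TS} "GET /index.php HTTP/1.1" 200 2048 "-" "{_BROWSER}"',
    f'198.51.100.7 - - {_TS} "GET /index.php HTTP/1.1" 200 2048 "-" "{_GOOGLE}"',
    f'203.0.113.5 - - {_TS} "GET /missing.php HTTP/1.1" 404 0 "-" "{_BROWSER}"',
    f'198.51.100.7 - - {_TS} "GET /missing.php HTTP/1.1" 404 0 "-" "{_GOOGLE}"',
]

if __name__ == "__main__":
    for p in find_cloaked_paths(SAMPLE_LOG):
        print("possible crawler cloaking:", p)
```

A genuinely missing page returns 404 to all clients and is not flagged; only paths whose status differs by user agent are reported.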
See something else worth discussing? Post it here!