Webshells are considered post-exploitation tools. They are basically backdoors that run from the browser. Unlike a reverse shell, which requires a secondary program such as Netcat to be run on a victim’s machine, webshells require no communications socket and are simply run over HTTP. ![]() ![]() ![]() Webshells can be used legitimately by a system administrator to perform actions on the server, such as creating a user, reading system logs and restarting a service. What’s more, it’s targeting vulnerable WordPress systems, becoming yet another threat to content management systems (CMS). Over the past two months, IBM Managed Security Services (MSS) has noticed a steep increase in attackers’ attempts to push a variant of the popular C99 webshell.Īlthough we see many attempts to push malicious PHP code on a daily basis, the increased volume of this particular webshell is startling compared to other types of webshell activity IBM MSS tracks: a 45 percent increase from February through March.Īccording to VirusTotal, relatively few antivirus vendors are catching this variant. An attacker could utilize a webshell to gain system-level access to a vulnerable server. ![]() One example is webshells, which are scripts (such as PHP, ASPX, etc.) that perform as a control panel graphical user interface (GUI). IBM Security is always looking for high-volume anomalies that might signify a new attack trend.
0 Comments
Leave a Reply. |