Tales from a base64 WordPress Hack, part 4: dissection

Got hit again, briefly. I was able to recover very quickly thanks to the Git repos I had set up previously. I found a couple of extra backdoors that used alternate obfuscation methods. Instead of the typical “eval(base64_decode(”, the attacker took an existing file, commented out all of its code, and interwove a series of variable assignments between the commented-out lines.

I think it’s a good thing to know the enemy, and the more we know about both (a) what they are doing and (b) what they are CAPABLE of doing — the better we can both recover from and detect / identify future attacks. I’ve decrypted their backdoor application and pasted it below (after the jump), with some commentary.
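As an added example (my own scanner, not the post’s code and not the attacker’s backdoor), here is a small Python check for the two patterns described above: the literal eval(base64_decode( marker, and a PHP file whose remaining live code is almost nothing but short string-fragment assignments interwoven with commented-out lines. Thresholds, the two sample files and the function names are assumptions for illustration.

```python
import re
from pathlib import Path

# The classic marker from the earlier posts in this series.
EVAL_B64 = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
# A live line that only assigns or appends a short string literal, e.g. $k .= 'se';
FRAG_ASSIGN = re.compile(r"^\$\w+\s*\.?=\s*(['\"])[^'\"]{0,16}\1\s*;\s*$")

def live_lines(source):
    """Yield non-blank lines that are not comments (//, # and /* ... */ blocks)."""
    in_block = False
    for raw in source.splitlines():
        line = raw.strip()
        if in_block:
            in_block = "*/" not in line
            continue
        if not line or line.startswith(("//", "#")):
            continue
        if line.startswith("/*"):
            in_block = "*/" not in line
            continue
        yield line

def analyze_php(source: str) -> dict:
    """Indicators for one file: the eval marker, and how much of the live code is fragment assignments."""
    live = list(live_lines(source))
    frags = sum(1 for line in live if FRAG_ASSIGN.match(line))
    return {
        "eval_base64": bool(EVAL_B64.search(source)),
        "live_lines": len(live),
        "fragment_assignments": frags,
        "fragment_ratio": frags / len(live) if live else 0.0,
    }

def is_suspicious(stats: dict, min_frags: int = 5, min_ratio: float = 0.8) -> bool:
    """eval(base64_decode( alone is a hit; so is live code that is almost all fragment assignments."""
    return stats["eval_base64"] or (
        stats["fragment_assignments"] >= min_frags
        and stats["fragment_ratio"] >= min_ratio
    )

def scan_tree(root: str) -> list:
    """Paths under root (e.g. a WordPress install) that trip either heuristic (assumed usage)."""
    return [str(p) for p in sorted(Path(root).rglob("*.php"))
            if is_suspicious(analyze_php(p.read_text(errors="replace")))]

# Constructed samples, not real malware: a clean theme helper and a doctored copy of it.
CLEAN = "<?php\n// Theme helper\nfunction my_excerpt($t) {\n    return substr($t, 0, 140);\n}\n"
DOCTORED = ("<?php\n// function my_excerpt($t) {\n$a = 'he';\n//     return substr($t, 0, 140);\n"
            "$b = 'll';\n$c = 'o_';\n// }\n$d = 'wo';\n$e = 'rl';\n/* end of helper */\n$f = 'd';\n")
```

Pair it with the Git repo: `git status` shows which files changed, and this tells you which of those changes look like the interwoven-assignment trick rather than a legitimate edit.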

It looked like this:


One more week

My phone rings; a trip-hoppy ringtone reminiscent of Thievery Corporation.

“Hello?”

“No, I don’t want to.”
“Talk to Daddy”
“I want to talk on the puter”
“Here, talk to Daddy.”

*a few moments of static*

“Hello?”

“Hello?” I said, with a smile in my voice, “Hi Sullivan!”

“I love you, Daddy.”

“I love you too, Sullivan. Guess what! I’m going to see you in one week!”

“What?”

“Seven days; I’m going to see you in seven days. Then we’re going to get a big truck, put all your things in it, and we’re going to move you up here to Ithaca!”

“Ok. … Bye!”

“Bye, Sullivan. I love you.”

*a few moments of static, then the phone hangs up.*