After finding hundreds of phishing web sites compromised and PHP shells and other backdoors installed, I got to wondering why AV products weren't being used to detect these things. If I had a webhosting business, I'd certainly be looking to find unwanted files installed on servers. What do you use to do that? AV products.
After collecting 99 samples of PHP shells and backdoors 'in the wild', I scanned them with 29 vendors' AV scanners to see if they were being detected. The results were a little bit disheartening, but I think it's something that can be addressed fairly easily.

Top 5 vendors:
1. Ikarus
2. ClamAV
3. F-Secure
4. AntiVir
5. Kaspersky

More here on test methodology, results, and caveats: http://www.phishlabs.com/blog/archives/35

-John, PhishLabs
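As an added illustration (not John's tooling and not PhishLabs' data): a small Python script that tabulates a multi-scanner test of the kind described above. It parses each vendor's output in clamscan's line format (`path: SIGNATURE FOUND` / `path: OK`), ranks vendors by detection rate and lists the samples every scanner missed, which is what a hoster's AV sweep would leave in place. Vendor names and results are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed scanner output in clamscan's line format; vendor names and
# verdicts are made up for illustration, not the PhishLabs results.
SCAN_OUTPUT = {
    "VendorA": """samples/shell01.php: PHP.Backdoor.Generic FOUND
samples/shell02.php: OK
samples/shell03.php: PHP.Shell.C99 FOUND
samples/shell04.php: OK""",
    "VendorB": """samples/shell01.php: OK
samples/shell02.php: OK
samples/shell03.php: Backdoor.PHP.Agent FOUND
samples/shell04.php: OK""",
    "VendorC": """samples/shell01.php: Trojan.PHP.Shell FOUND
samples/shell02.php: PHP/Backdoor.A FOUND
samples/shell03.php: PHP/Backdoor.B FOUND
samples/shell04.php: OK""",
}

LINE_RE = re.compile(r"^(?P<path>.+?): (?:(?P<sig>.+) FOUND|OK)$")

def parse_scan(text):
    """Map sample path -> signature name, or None when the scanner said OK."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            results[m.group("path")] = m.group("sig")
    return results

def detection_rates(outputs):
    """Return {vendor: detected / samples scanned} for each vendor."""
    rates = {}
    for vendor, text in outputs.items():
        parsed = parse_scan(text)
        rates[vendor] = sum(1 for sig in parsed.values() if sig) / len(parsed)
    return rates

def rank_vendors(outputs, top=5):
    """Top vendors by detection rate, ties broken by name."""
    ranked = sorted(detection_rates(outputs).items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:top]

def missed_by_all(outputs):
    """Samples no vendor flagged: the backdoors an AV sweep would not find."""
    hits = defaultdict(set)
    for vendor, text in outputs.items():
        for path, sig in parse_scan(text).items():
            if sig:
                hits[path].add(vendor)
    all_paths = {p for text in outputs.values() for p in parse_scan(text)}
    return sorted(p for p in all_paths if not hits[p])
```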
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
