In this month’s report, we take a look at an often-overlooked side of malicious code: how attackers administer the Web servers that they use to spread spam and malicious code. We highlight a PHP-based tool in particular that is often used to control and manipulate the configuration of these Web servers.
The tool can run arbitrary PHP code and brute force file transfer and database accounts, and it even allows quick access to Web server configuration files so that the attacker can edit them to suit their malicious needs. The attacker can easily obfuscate his or her code, making its function less apparent if viewed by the legitimate server admins. We’ve witnessed this tool being used to create spam-related websites and to host exploit pages to compromise further computers.
We also take a look at a rather interesting Android application that attempts to trick the user into thinking that they can charge their device with nothing but the rays of the sun. The only problem is, Android devices do not contain solar panels—a critical component needed to turn light into electricity. Naturally, the application can do nothing of the sort. Instead, it steals sensitive information from the user.
For further details on these stories and more, click to download a copy of the September Symantec Intelligence Report (PDF).