Using nulled products and a reunion with CryptoPHP

The term “Nulled” should be familiar to longtime WordPress users, as in Nulled Themes, Nulled Plugins, etc. So what is it? A product labeled Nulled is one whose activation someone has cracked (if the product requires activation; another name for this is Crack). Today the term is also used for digital products used without a license, that is, unauthorized use of commercial products.

There is plenty of advice that using nulled products is very dangerous: they may carry malicious code inserted to steal information from the website, gain unauthorized access to the server, use its resources (bandwidth) without permission or, worse, put an end to the affected website. But how dangerous it really is, and how it works, not everyone knows.

Among the ways malicious code gets inserted into nulled products, the CryptoPHP script can be considered the most common. Black-hat SEO practitioners often use it to inject backlinks into the compromised websites or to send bulk email using the resources of the victim’s server.

Yesterday, I read an article introducing research by Fox-IT, a security company in the Netherlands, on the CryptoPHP malicious code that sites offering nulled products for well-known CMSs such as WordPress and Joomla have inserted to compromise users’ websites. The 56-page research paper is written in an easy-to-understand way; in brief, it can help you better understand this malicious code and how it reaches your website through nulled products. You can download the research paper here.


The research paper starts with an example: a nulled product downloaded from the website nulledstylez.com, where analysis showed that the product contained a social.png file that was not present in the download from the original website.


Searching the plugin’s source code for the keyword social.png, the author came across the following line, where the social.png file is pulled in directly through a PHP function:


<?php include('images/social.png'); ?>

If you have some knowledge of PHP programming, you will know that no one would use the include() function to insert an image like that, unless that image file is not what it seems. And indeed, opening it reveals a whole pile of malicious code.
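The check described above can be automated before a downloaded theme or plugin is installed. The following is an added example, not code from the Fox-IT paper or from the original post: it flags PHP files that include or require a path ending in an image extension, and image files that contain a PHP opening tag. The function names and the sample plugin tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

IMAGE_EXT = ("png", "jpg", "jpeg", "gif", "ico", "bmp")
PHP_EXT = ("php", "inc", "phtml")
# include/require (optionally _once) whose statement contains a quoted
# string ending in an image extension, e.g. include('images/social.png')
INCLUDE_RE = re.compile(
    r"""\b(?:include|require)(?:_once)?\b[^;]*?['"]([^'"]*\.(?:%s))['"]"""
    % "|".join(IMAGE_EXT),
    re.IGNORECASE,
)

def scan(root):
    """Return (includes, images) found under root.

    includes: (file, line, included path) for PHP code that includes an image.
    images:   image files whose bytes contain a PHP opening tag.
    """
    root = Path(root)
    includes, images = [], []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        ext = path.suffix.lower().lstrip(".")
        rel = path.relative_to(root).as_posix()
        if ext in PHP_EXT:
            text = path.read_text(encoding="utf-8", errors="replace")
            for m in INCLUDE_RE.finditer(text):
                line = text.count("\n", 0, m.start()) + 1
                includes.append((rel, line, m.group(1)))
        elif ext in IMAGE_EXT and b"<?php" in path.read_bytes().lower():
            images.append(rel)
    return includes, images

def build_sample(root):
    """Constructed sample: a plugin with one real PNG header and one fake image."""
    root = Path(root)
    (root / "images").mkdir(parents=True, exist_ok=True)
    (root / "plugin.php").write_text(
        "<?php\n/* Plugin Name: Sample (constructed) */\n?>\n"
        "<?php include('images/social.png'); ?>\n")
    (root / "images" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    (root / "images" / "social.png").write_bytes(b"<?php /* placeholder, no payload */ ?>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan(tmp))
```

Either finding on its own is reason to compare the package against a copy downloaded from the original vendor; include paths built entirely at runtime are not caught by the regular expression, which is why the image-content check runs independently.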


In the rest of the paper, the authors show how this malicious code is executed and what its real purpose is. I therefore encourage you to read the research paper at a relaxed pace: 56 pages may sound long, but that is only because of the way it is laid out, and reading them takes only about 30 minutes.

Actually, I had also intended to rewrite the content here in Vietnamese, but the beginning of the paper clearly states that it is a document owned by Fox-IT and that no one is allowed to reuse it in any form, so the only option is to point you to the download as above. Taking the time to read this research is well worth it. 😀


Source: Using null rows and a reunion with CryptoPHP
– TechtipsnReview
