Search entire server for Q4 2015 obfuscated PHP malware of unknown origin.

This is just a snippet I have used before to identify some malicious code on web servers. It will not work on everything, but it will give you a way to find suspect files. It is easy to run from cron in a script alongside others to make a nice daily report if you have those concerns.

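#!/bin/bash
# Malware Search Script
# 11/1/15 – Matthew D. Curry
# Matt@MattCurry.com

echo "Search entire server for Q4 2015 obfuscated PHP malware of unknown origin."

# Quote the glob so the shell does not expand it, and escape the ";" that ends -exec.
# In the pattern, each "." matches any single character.
find / -name '*.php' -exec grep -Hn '.1.=.......0.=.......3.=.......2.=.......5.=' {} \;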
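
The daily cron report mentioned above, as an added example that is not the author's code: it wraps the same signature in a scan function, skips /proc, /sys and /dev, cuts long obfuscated lines in the report, and checks the pattern against a constructed sample before each run. The function names, the ROOT and OUTFILE arguments and the sample file are assumptions.

```shell
#!/bin/bash
# Added example, not the post's code. Assumed names: scan_php, write_report,
# selftest, and the ROOT / OUTFILE command-line arguments.
# Signature from the post; each "." matches any single character.
PATTERN='.1.=.......0.=.......3.=.......2.=.......5.='

# scan_php ROOT: print file:line:text per hit. Returns 0 hits, 1 clean, 2 bad ROOT.
scan_php() {
    local root="$1" hits
    [ -d "$root" ] || { echo "scan_php: not a directory: $root" >&2; return 2; }
    # find exits non-zero when grep matches nothing; judge by the output instead.
    hits=$(find "$root" \( -path /proc -o -path /sys -o -path /dev \) -prune \
        -o -type f -name '*.php' -exec grep -Hn -e "$PATTERN" {} + 2>/dev/null) || true
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# write_report ROOT OUTFILE: dated report, long obfuscated lines cut to 200 chars.
write_report() {
    local root="$1" out="$2" hits rc=0
    hits=$(scan_php "$root") || rc=$?
    {
        echo "PHP signature scan of $root, $(date +%F)"
        case $rc in
            0) echo "Matching lines: $(printf '%s\n' "$hits" | grep -c '')"
               printf '%s\n' "$hits" | cut -c1-200 ;;
            1) echo "No matches." ;;
            *) echo "Scan failed (status $rc)." ;;
        esac
    } > "$out"
    return "$rc"
}

# selftest: scan a constructed sample (shaped only to fit the regex, not real
# malware) so a pattern damaged by copy and paste is caught before it is trusted.
selftest() {
    local dir rc=0
    dir=$(mktemp -d) || return 2
    printf '%s\n' "<?php \$a[1]='a';\$a[0]='b';\$a[3]='c';\$a[2]='d';\$a[5]='e';" > "$dir/sample.php"
    scan_php "$dir" > /dev/null || rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Cron entry point: script.sh ROOT OUTFILE
if [ "$#" -eq 2 ]; then
    selftest || { echo "signature self-test failed" >&2; exit 3; }
    write_report "$1" "$2"
fi
```

The exit status of `write_report` is 0 when something matched and 1 when the tree is clean, so a cron wrapper can mail the report only on status 0.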

 

Hope this helps, enjoy.