Question

  • #2341114

    Linux Maldet Scan finding malware in favicon.ico files – Joomla 3.8.6

    Locked

    by stephensquires ·

    I’m wondering if anyone has experienced this kind of malware and knows how it may be occurring.

    Our nightly maldet scans are finding 2-4 favicon.ico files with malware, but these favicon.ico files are not where they should be in the file structure.

    Example maldet scan:

    HOST : –cleared-out–
    SCAN ID : 180412-0331.27527
    STARTED : Apr 12 2018 03 :31 :19 -0500
    COMPLETED : Apr 12 2018 03 :32 :17 -0500
    ELAPSED : 58s [find : 1s]

    PATH :
    RANGE : 1 days
    TOTAL FILES : 1292
    TOTAL HITS : 2
    TOTAL CLEANED : 0

    FILE HIT LIST :
    {HEX}php.base64.v23au.186 : /var/www/vhosts/–clered-out–/httpdocs/plugins/system/admintools/favicon_b5187e.ico => /usr/local/maldetect/quarantine/favicon_b5187e.ico.2409932083
    {HEX}php.base64.v23au.186 : /var/www/vhosts/–cleared-out–/httpdocs/libraries/src/Environment/favicon_cc89b9.ico => /usr/local/maldetect/quarantine/favicon_cc89b9.ico.279812132
    ===============================================
    Linux Malware Detect v1.6.2 < proj@rfxn.com >

    Any help would be appreciated.
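
A check an administrator could run alongside the nightly scan described in the question, as an added example that is not part of the original post: it lists `.ico` files that lack an icon header or contain PHP markers. It assumes, as the signature name `php.base64` suggests, that the flagged files hold PHP source rather than image data; the function names and the marker list are illustrative choices.

```python
import os
import re

# A genuine ICO file starts with reserved=0 and type=1, both 16-bit little-endian.
ICO_MAGIC = b"\x00\x00\x01\x00"
# Byte patterns that have no place in an icon (assumed marker list, extend as needed).
PHP_MARKERS = re.compile(rb"<\?php|<\?=|base64_decode\s*\(|eval\s*\(", re.I)


def inspect_ico(path, max_bytes=1_000_000):
    """Return the reasons a .ico file looks wrong; an empty list means it passed."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    reasons = []
    if data[:4] != ICO_MAGIC:
        reasons.append("no ICO header")
    if PHP_MARKERS.search(data):
        reasons.append("PHP marker present")
    return reasons


def find_suspicious_icons(root):
    """Walk root and return {path: reasons} for every *.ico that fails inspection."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".ico"):
                path = os.path.join(dirpath, name)
                reasons = inspect_ico(path)
                if reasons:
                    hits[path] = reasons
    return hits


if __name__ == "__main__":
    import sys
    # Usage: python check_icons.py <web root>
    for path, reasons in sorted(find_suspicious_icons(sys.argv[1]).items()):
        print(f"{path}: {', '.join(reasons)}")
```

Because the check reads file content rather than trusting the extension, it also reports disguised files that the `RANGE : 1 days` window of a nightly scan would no longer pick up.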
