Ars Technica has recently published an article about the “wiper” malware. In that article they published a Yara rule provided by FBI. However, the rule does not work due to a syntax error. Following rule corrects the syntax error and can be used with Yara 3.2.0. Happy hunting!
I see a lot of brute-force attempts made to my site lately. In fact, the unsuccessful login attempts using the “admin” user id are increased by 300 fold. My preliminary investigation showed that all of the offending systems are running Linux. Compromised systems include online retailers, academic institutions, and individuals. Upon investigating offending hosts, IRead more about Massive WordPress attacks are in progress[…]