IBM Security is always looking for high-volume anomalies that might signify a new attack trend. One example is webshells, which are scripts (such as PHP, ASPX, etc.) that perform as a control panel graphical user interface (GUI). An attacker could utilize a webshell to gain system-level access to a vulnerable server.
Over the past two months, IBM Managed Security Services (MSS) has noticed a steep increase in attackers’ attempts to push a variant of the popular C99 webshell.
Although we see many attempts to push malicious PHP code on a daily basis, the increased volume of this particular webshell is startling compared to other types of webshell activity IBM MSS tracks: a 45 percent increase from February through March.
