Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About
A common keyword that people use to find hidden injections on web sites is "base64_decode". You often see injections that look like "eval ( base64_decode" or eval ( gzinflate ( base64_decode" being used by the attackers.

So most web security tools have some signatures to look for it (specially on WordPress).

Well, the attackers do know about it as well and we are starting to see some interesting variations for it. For example, instead of injecting base64_decode, they are injecting as a variable:



And instead of calling out base64_decode directly, they are using base + 32*2 + decode. A simple trick that allows then to bypass many security filters.