↓
 

The PolyBlog

My view from the lilypads

  • Home
  • Goals
    • Goals (all posts)
    • #50by50 – Status of completion
    • PolyWogg’s Bucket List, updated for 2016
  • Life
    • Family (all posts)
    • Health and Spiritualism (all posts)
    • Learning and Ideas (all posts)
    • Computers (all posts)
    • Experiences (all posts)
    • Humour (all posts)
    • Quotes (all posts)
  • Photo Galleries
    • PandA Gallery
    • PolyWogg AstroPhotography
    • Flickr Account
  • Reviews
    • Lilypad Library (Books)
      • Book Reviews (all posts)
      • Book reviews by…
        • Book Reviews List by Date of Review
        • Book Reviews List by Number
        • Book Reviews List by Title
        • Book Reviews List by Author
        • Book Reviews List by Rating
        • Book Reviews List by Year of Publication
        • Book Reviews List by Series
      • Special collections
        • The Sherlockian Universe
        • The Three Investigators
        • The World of Nancy Drew
      • PolyWogg’s Reading Challenge
        • 2026
        • 2023
        • 2022
        • 2021
        • 2020
        • 2019
        • 2015, 2016, 2017
    • Movies
      • Master Movie Reviews List (by Title)
      • Movie Reviews List (by Date of Review)
      • Movie Reviews (all posts)
    • Music and Podcasts
      • Master Music and Podcast Reviews (by Title)
      • Music Reviews (by Date of Review)
      • Music Reviews (all posts)
      • Podcast Reviews (by Date of Review)
      • Podcast Reviews (all posts)
    • Recipes
      • Master Recipe Reviews List (by Title)
      • Recipe Reviews List (by Date of Review)
      • Recipe Reviews (all posts)
    • Television
      • Master TV Season Reviews List (by Title)
      • TV Season Reviews List (by Date of Review)
      • Television Premieres (by Date of Post)
      • Television (all posts)
  • About Me
    • Subscribe
    • Contact Me
    • Privacy Policy
    • PolySites
      • ThePolyBlog.ca (Home)
      • PolyWogg.ca
      • AstroPontiac.ca
      • About ThePolyBlog.ca
    • WP colour choices
  • Andrea’s Corner

Tag Archives: background

Articles I Like: Tracking Emerging Cryptomining Threats

The PolyBlog
May 13 2018

The WordPress security plugin, Wordfence, published a blog entry describing how one of its techs working on cracking malware goes about doing the various steps in a recent day, analysing and developing responses to specific threats.

While the post seems at first to be highly technical, it’s quite readable by the informed layperson, and quite interesting to see. It also dispels the cryptocurrency baitclick headline to note it could have been running anything off the site, it just happened to be doing CCs.

One of our sources of threat data at Defiant is cleaning hacked websites. In this case, Ivan, a member of our SST team had cleaned a hacked site and handed me the forensic data for analysis. The site had been hacked for months before the owner discovered that it had been compromised.

My normal routine is to start by verifying the files we already detect to check if there is any new information inside any of them. Usually there is not, and this infection did not yield any surprises in the files that Wordfence already detected.

What did surprise me is that the server had a large number of malicious files we have not seen before. The server had been infected for a long time, which may have left the attacker feeling confident enough to upload more valuable code.

For us, a server with code we have not seen before is a treasure trove, because it immediately allows us to add new detection capability to the Wordfence malware scanner. If an attacker is caught in this situation, they generally have a bad day, because many of their files that may have previously been undetected by malware scanners will now be detected by our scan.

The first thing that made this attacker different from others is that, instead of using a standard javascript code obfuscator that just scrambles the code, they were using a finite wordlist to replace variable and function names in the code. When you look at the code, the variable and function names just seem like gibberish.

I immediately searched for other similar files out of the remaining samples and found several, then proceeded to write new signatures to detect those files. That accomplished, I moved on to the next file in the list. That was a basic PHP file that selectively redirects regular users, not search engines, to a malicious website. This is a standard thing we see, so I wrote a signature to detect this updated malware variant and moved on.

WordPress: Tracking Emerging Cryptomining Threats

Even the opening approach is quite illuminating, seeing the real work of defenders, not the Hollywood version.

Posted in Computers | Tagged background, computer, curation, security | Leave a reply

Countdown to Retirement

Days

Hours

Minutes

Seconds

Retirement!

One of my favourite sites

And its new sister site

My Latest Posts

  • A red-eyed tree frog dressed in brown leather armour on his torso with a sword attached to his hip and a shield resting against one knee, while standing on a rock in a swamp. The shield has a ying-yang symbol on it.
    Saying goodbye to my nephew BrianJuly 3, 2026
    Last night, we had a celebration of life for my nephew Brian. He was 51. There was a good turnout, as the saying goes, of family and friends. A group that Brian himself would have felt was too large and too much fuss. And as I looked at the picture boards that his sister Julie, … Continue reading →
  • A red-eyed tree frog wearing a panda apron is stirring food in the Lilypad Kitchen.
    English Muffin Pizza in Four FlavoursJune 18, 2026
  • A red-eyed tree frog wearing a panda apron is stirring food in the Lilypad Kitchen.
    Cowboy Beef Dip with Salsa and Nacho CheeseJune 17, 2026
  • A red-eyed tree frog wearing a panda apron is stirring food in the Lilypad Kitchen.
    Rotisserie-Seasoned Chicken Thighs in the Instant PotJune 17, 2026
  • A red-eyed tree frog wearing a panda apron is stirring food in the Lilypad Kitchen.
    Sweet Chicken Curry Slow-Cooked with Mango ChutneyJune 16, 2026
    Sweet Chicken Curry: This was an adaptation from a diet recipe book for slow cookers, and was a pretty easy recipe (particularly using the slow cooker, but also just the limited number of items to chop / dice / slice). And the mango chutney is really the key to the sweet taste. I wasn't a big fan of chutney before, but it is awesome here.

Archives

Categories

© 1996-2026 - Paul Sadler aka PolyWogg Privacy Policy
↑