Description

A malicious file was detected on your web server. This could be that you either uploaded the file by accident or an attacker was able to write arbitrary files to your web server.

Remediation

It is advisable to contact an information security company with experience in malware removal. They may help or instruct you to take the following steps:

  • Immediate removal of the malicious file.
  • Find out whether additional steps need to be taken to ensure that the malicious files were completely removed from your server.
  • Where applicable, replacement of the file with a clean copy that does not contain the malicious code. You should make sure to locally scan the new file with an antivirus tool or submit it to VirusTotal before you upload it again.
  • They may help you to ensure that the malicious file is no longer accessible. If you use caching server such as Varnish, Squid or Nginx, they might tell you to make sure that they don't serve a copy of the infected file from memory.
  • They will tell you to notify your users and the appropriate authorities. This may include law enforcement and data protection authorities depending on your local laws.

References

VirusTotal

Microsoft Threat Encyclopedia

Related Vulnerabilities

WordPress Super Socialat backdoor plugin

ToolsPack malware plugin

Malware Identified (SB)

Cisco IOS XE Web UI Implant (CVE-2023-20198)

Trojan shell script

Severity

High

Classification

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Malware