Breaking Down the China Chopper Web Shell – Part I

20th August 2013 | By Mouseworld Now Correspondent

China Chopper: The Little Malware That Could

China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth. Other than a good blog post from security researcher Keith Tyler, we could find little useful information on China Chopper when we ran across it during an incident response engagement. So to contribute something new to the public knowledge base – especially for those who happen to find the China Chopper server-side payload on one of their Web servers – we studied the components, capabilities, payload attributes, and the detection rate of this 4 kilobyte menace.

Components

China Chopper is a fairly simple backdoor in terms of components. It has two key components: the Web shell command-and-control (CnC) client binary and a text-based Web shell payload (server component). The text-based payload is so simple and short that an attacker could type it by hand right on the target server – no file transfer needed.

 

© Mouseworld Now News Service
