This blog briefly describes what WebShells are and how attackers can
use them to gain powerful shell-level or system-level access to a
server. WebShells have been used in attacks for quite a long time now,
but with changes in attack trends, cyber criminals are getting more
sophisticated with deployment techniques and methods to circumvent
detection. With the help of our Websense® ThreatSeeker® Intelligence
Cloud, we came across a few examples in which attackers have used
different techniques. These are elaborated on further in this blog.

Many mass compromises are accomplished in an automated fashion:
vulnerabilities are enumerated, and after one is found, exploits are
automatically deployed. The takeover process usually involves
downloading a remote administration tool for the compromised website.
One common tool deployed by attackers once they compromise a website is a
WebShell.