1 files changed, 1 insertions, 0 deletions
diff --git a/php-malware-finder/bad_php.yara b/php-malware-finder/bad_php.yara
index e3bdb76..1fb185f 100644
--- a/php-malware-finder/bad_php.yara
+++ b/php-malware-finder/bad_php.yara
@@ -33,6 +33,7 @@ rule Misc
    strings:
        $header_splitting = /header\s*\(.*\$_(GET|POST|REQUEST|COOKIE).*\)/
        $serialize = /unserialize\s*\(.*\)|unserialize_callback_func/
+        $chmod = /chmod\s*(.*777/
    condition:
        any of them
 }

diff --git a/php-malware-finder/bad_php.yara b/php-malware-finder/bad_php.yara index e3bdb76..1fb185f 100644 --- a/php-malware-finder/bad_php.yara +++ b/php-malware-finder/bad_php.yara
@@ -33,6 +33,7 @@ rule Misc
33	strings:	33	strings:
34	$header_splitting = /header\s\(.\$_(GET\|POST\|REQUEST\|COOKIE).*\)/	34	$header_splitting = /header\s\(.\$_(GET\|POST\|REQUEST\|COOKIE).*\)/
35	$serialize = /unserialize\s\(.\)\|unserialize_callback_func/	35	$serialize = /unserialize\s\(.\)\|unserialize_callback_func/
		36	$chmod = /chmod\s(.777/
36	condition:	37	condition:
37	any of them	38	any of them
38	}	39	}