1 files changed, 1 insertions, 0 deletions
diff --git a/php-malware-finder/common.yar b/php-malware-finder/common.yar
index 38b6726..ff0c988 100644
--- a/php-malware-finder/common.yar
+++ b/php-malware-finder/common.yar
@@ -88,6 +88,7 @@ rule DodgyStrings
        $ = "kernel32.dll" fullword nocase
        $ = "kingdefacer" nocase
        $ = "Wireghoul" nocase fullword
+        $ = "LD_PRELOAD" fullword
        $ = "libpcprofile"  // CVE-2010-3856 local root
        $ = "locus7s" nocase
        $ = "ls -la" fullword

diff --git a/php-malware-finder/common.yar b/php-malware-finder/common.yar index 38b6726..ff0c988 100644 --- a/php-malware-finder/common.yar +++ b/php-malware-finder/common.yar
@@ -88,6 +88,7 @@ rule DodgyStrings
88	$ = "kernel32.dll" fullword nocase	88	$ = "kernel32.dll" fullword nocase
89	$ = "kingdefacer" nocase	89	$ = "kingdefacer" nocase
90	$ = "Wireghoul" nocase fullword	90	$ = "Wireghoul" nocase fullword
		91	$ = "LD_PRELOAD" fullword
91	$ = "libpcprofile" // CVE-2010-3856 local root	92	$ = "libpcprofile" // CVE-2010-3856 local root
92	$ = "locus7s" nocase	93	$ = "locus7s" nocase
93	$ = "ls -la" fullword	94	$ = "ls -la" fullword