When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by a scanner. Some examples of suspicious functions commonly detected include system and file_put_contents.

In this malware dropper file we recently found on a compromised website, the attacker chose to create a user-defined PHP function getFile to accomplish the same task as file_put_contents.

Continue reading PHP Binary Downloader at Sucuri Blog.

Via Sucuri.net