The ESET noticed that numerous websites are still compromised. I heard that those websites are running same kind of malware which was create and injected by hackers. These malwares do not need any FTP credentials in order to infect with the malware inside the legitimate websites. This malware is enough to exploit server side application. I would ask admins of compromised website to report about the security incidents. ESET might be working on some undetected PHP malware to improve detection level and security and they are eager to receive samples.
Bookmarks