A lot of little things have changed with the Gootloader malware since my last blog, so I feel it is time to document them publically. I would like to example on #4. I was able to identify the following PHP code that was injected in the legitimate WordPress file xmlrpc.php. Removing the obfuscation and we […]
