[1/3/17] Code identified by the Department of Homeland Security and Federal Bureau of Investigation as being used by Russian intelligence services is outdated malware developed by Ukrainians that can be downloaded online, according to a blog post by the founder of WordFence.
WordFence is a plug-in designed to protect users of WordPress; the plug-in has been downloaded over 1 million times. The report released last Thursday by the DHS and FBI, titled “Grizzly Steppe,” contains a PHP malware sample, which WordFence employees analyzed.
“Our security analysts spend a lot of time analyzing PHP malware, because WordPress is powered by PHP,” WordFence founder and CEO Mark Maunder wrote in a blog post Friday. “We used the PHP malware indicator of compromise (IOC) that DHS provided to analyze the attack data that we aggregate to try to find the full malware sample.”
WordFence was able to find the name of the malware and the version. Maunder said it is malware called “P.A.S. 3.1.0.,” which was available for download on a site that is currently down.