Help Sucuri Clean Sites

Sucuri Antivirus is a great service. I found an attack on a Joomla 3.5 site where a PayPal form and zip file were inserted into the images folder.

There were the following clues to the attack:

  • PHP & INI files in the images directory
  • New folders called “bt”, “BT”, and “mic” in the images directory.
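The clues above can be turned into a repeatable check. The following is an added example, not part of the original post and not a Sucuri tool: it walks an images directory and reports PHP, INI and ZIP files plus folders named "bt", "BT" or "mic", with a modification time and SHA-256 for each file so the findings can be passed on. The function names, the inclusion of `.zip` (based on the zip file mentioned above) and the default path `images` are assumptions.

```python
import hashlib
import os
import sys
from datetime import datetime, timezone

# Indicators taken from the post; folder names are matched exactly.
SUSPECT_EXTENSIONS = {".php", ".ini", ".zip"}
SUSPECT_DIRS = {"bt", "BT", "mic"}


def sha256_of(path):
    """Hash a file in chunks so large archives are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _record(kind, root, full, digest):
    mtime = datetime.fromtimestamp(os.path.getmtime(full), tz=timezone.utc)
    return {"kind": kind, "path": os.path.relpath(full, root),
            "modified": mtime.isoformat(), "sha256": digest}


def scan_images(root):
    """Return findings as dicts: kind, relative path, mtime (UTC), sha256."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            if name in SUSPECT_DIRS:
                full = os.path.join(dirpath, name)
                findings.append(_record("suspect_dir", root, full, None))
        for name in filenames:
            # Lower-case the extension so .PHP or .Php are not missed.
            if os.path.splitext(name)[1].lower() in SUSPECT_EXTENSIONS:
                full = os.path.join(dirpath, name)
                findings.append(
                    _record("suspect_file", root, full, sha256_of(full)))
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    # Usage: python scan_images.py /path/to/joomla/images
    target = sys.argv[1] if len(sys.argv) > 1 else "images"
    for f in scan_images(target):
        print(f["kind"], f["modified"], f["path"], f["sha256"] or "-")
```

Ordinary image files are ignored, so any output on a clean site is worth a manual look before deleting anything.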

I contacted Sucuri to see if they wanted my findings, and they have an email address to accept this kind of information: labs@sucuri.net

I hope this helps someone else out there…