Malware Identified

Severity: Critical
Summary

Invicti detected a malicious file on your web server ({DetectionName}). You either uploaded an infected file by accident or an attacker was able to write arbitrary files to your web server.

Impact

Depending on the file, your users' data might be at risk. For example, the file might carry out one or more of these malicious actions:

  • Delete, modify, or read files on your web server.
  • Steal sensitive user data such as credit card numbers or personally identifiable information.
  • Install malicious software on your users' devices, either through a browser exploit or if they download and open the malicious file.

Please refer to the Microsoft Threat Encyclopedia link in the External References section and carefully read the description in order to find out how this file may put your users at risk.

Actions To Take

It's advisable to contact an information security company with experience in malware removal. They may help or instruct you to take the following steps.

  • Immediate removal of the malicious file.
  • Find out whether additional steps need to be taken to ensure that the malicious files were completely removed from your server.
  • Where applicable, replacement of the file with a clean copy that does not contain the malicious code. You should make sure to locally scan the new file with an antivirus tool or submit it to VirusTotal before you upload it.
  • They may help you to ensure that the malicious file is no longer accessible. If you use a caching server such as Varnish, Squid or Nginx, they might tell you to make sure that they don't serve a copy of the infected file from memory.
  • They will tell you to notify your users and the appropriate authorities. This may include law enforcement and data protection authorities, depending on your local laws.
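
One way to check whether other files were altered or dropped alongside the detected one is to compare the live web root against a manifest built from a clean copy of the release. The following is an added example, not Invicti's code; it assumes you hold a trusted clean copy, and the function names and sample files are hypothetical and constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large uploads do not exhaust memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit_webroot(webroot: Path, known_good: dict) -> dict:
    """Compare the live web root against a manifest built from a clean copy."""
    live = build_manifest(webroot)
    return {
        # Same path, different content: replace with the clean copy.
        "modified": sorted(p for p in live if p in known_good and live[p] != known_good[p]),
        # Not part of the release at all: review, then remove.
        "unexpected": sorted(p for p in live if p not in known_good),
        "missing": sorted(p for p in known_good if p not in live),
    }


def demo() -> dict:
    """Constructed sample: a clean release tree and a tampered deployment."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "js").mkdir(parents=True)
            (root / "index.html").write_text("<h1>home</h1>")
            (root / "js" / "app.js").write_text("console.log('ok');")
            (root / "robots.txt").write_text("User-agent: *")
        (live / "js" / "app.js").write_text("console.log('ok'); /* altered */")
        (live / "dropped.bin").write_bytes(b"\x00constructed")
        (live / "robots.txt").unlink()
        return audit_webroot(live, build_manifest(clean))


if __name__ == "__main__":
    print(demo())
```

Build the manifest on a machine that was never exposed to the compromised server, and rerun the audit after cleanup to confirm the "modified" and "unexpected" lists are empty.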
