A recent security announcement from a website scanning service highlighting malware contained within files that resemble ionCube encoded files. Reported as ‘ionCube Malware’ (incorrectly as the files aren’t produced by ionCube software), we’ve called this the diff98 malware, based on one of the filenames used by the authors.
Due to our tools being popular and present in a vast number of products in the market place, it is quite natural for malware authors to latch on to any means possible to ride under the cover of something that can be hard to spot from a cursory glance.
From our own investigations it appears that this is not a new strain of malware, but has indeed been around far longer as shown in this screenshot where one such infection lies:
It also shows that such scanning services lag considerably behind real-time protection for it has taken over a year for it to be reported.
Here is an article of ours which can help you identify a legitimate encoded file: Fakes, and how to Identify a genuine ionCube File
