THE LITTLE MALWARE THAT COULD: DETECTING AND DEFEATING THE CHINA CHOPPER WEB SHELL
China Chopper is an increasingly popular Web shell that packs a powerful punch into a small package. In the space of just 4 kilobytes, the Web shell offers file and database management, code obfuscation, and more—all in an easy-to-use graphical user interface that even novices can use.
Given its growing prevalence, especially among Chinese cybercriminals, China Chopper warrants much more exposure than it has received to date. Outside of an insightful blog post from security researcher Keith Tyler¹, little useful information on China Chopper is publicly available.
This report describes the features that make China Chopper an increasingly popular tool for cyber attackers. More importantly, it explains how security professionals can better detect the Web shell, both in network traffic and on compromised systems.