In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques including whitelists, blacklists, and anomaly checks. In this blog post, we’re going to be focusing on how core integrity checks are a key component of the whitelisting model and how this is aids in effectively detecting malware.
Cryptographic Hash Functions and Checksums
When a website compromise happens, attackers add, modify, or delete files from the server.
Source: Scuri check