File Size: 44,794 bytes
File Type: Script
Memory Resident: No
Initial Samples Received Date: 08 Jul 2011
Payload: Compromises system security
Arrival Details
This malware arrives via the following means:
Embedded in a mass-mailed email message
Uploaded to a web server by a malicious user
NOTES:
This malicious PHP script may be uploaded and installed on a web server by a remote malicious user via FTP after gaining access to that server.
Once this PHP script is installed, the user may then launch a backdoor on the affected system.
When the malicious user opens the page, the script displays a GUI.
It has the following backdoor capabilities:
Detect available drives on the system
List files and folders
Provide user full access to files and folders
Search files with specific contents
Create file and folder
View file and folder information
Execute shell commands
View list of processes running on the system
Bind standard input/output of the command interpreter to assigned TCP port
Bind standard input/output of the command interpreter to data from certain IRC server (Datapipe)
Manage SQL databases
Execute PHP code
Remove itself from the server
Scan FTP accounts for weak passwords using brute force and log them to file and e-mail
Upload/download files to/from the web server
Crack WinNT passwords