PRICING SUPPORT LOGIN

Mailers is a category of scripts that hackers install on compromised servers to send out spam and anonymous emails.
They take advantage of the servers' bandwidth and other resourses to send out tons of spam emails in a short time. Moreover, headers of such emails don't contain traces of the hackers - they lead to the hacked server -
so all the spam campaign remains quite anonymous. Hacked servers is not a scarse resourse and spammers don't care much if one of them gets blacklisted for spamming they can easily move to another server. However, to minimize risks of
blacklisting, they usually evenly distribute mailing between several hacked servers.
M-9AWED Mailer is a script generated by one of the mailer tools created by tool4spam. It sends a message located in the file <attacker's-ip-address>.txt to a list of recepients.
Such script can be used for spamming and phishing.

Affecting

Any servers with enabled PHP

Cleanup

This file usually has the name in the form <attacker's-ip-address>.php. It use auxilary file like <attacker's-ip-address>.txt and 127.0.0.2.txt. It is generated by another malicious tool from tool4spam
that can be found next to it. Sometimes hackers also create the "Send" subdirectory. You should delete all these files and subdirectories. Scan your server for other types of malware and specifically for backdoors. Make sure to identy and close the security hole.
You also need to check if your server IP address got blacklisted by various anti-spam and phishing blacklist providers as a result of hacker activity.
You can sign up with us and let our team remove the malware for you.

Dump

... excerpts ...
...

<?php

$message =file_get_contents('xxx.xxx.xx.xxx.txt');

?>


<html>
<head>
<meta http-equiv="Content-Language" content="fr">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Sending M-9AWED Mailer By Sp4m3r Fb3</title>
</head>
...
<p align="center"><b><font size="4" color="#0000FF">CoPyRiGhT 2012
MoRoCcO By Sp4m3r Fb3 </font></b></td>
</tr>
</table>
</div>

</body>

</html><?php
$txt = fopen("127.0.0.2.txt", "w+");
fwrite ($txt, "");
fclose($txt);