Hacktools are specially crafted tools to perform malicious or illicit activities, such as controlling botnets, mining bitcoins, triggering Denial-of-Service attacks and bruteforcing passwords. Those tools most of the time hidden in the filesystem and were installed among with other malicious code throug a vulnerability or an already compromised server.
This perl script is a IRC bot, it connects to a IRC server and accept commands from the Command & Control server. This kind of malware is what turn the computers into zombies, the botnet clients, sending spam, DDoS attacks and acting as a proxy for their owners to attack other servers.
Affecting
Any vulnerable website with perl support. Outdated software or compromised passwords can act as an infection vector.
Cleanup
Inspect your server looking for any unknown perl file and remove them. Also, you can sign up with us and let our team remove the malware for you.
Dump
#!/usr/bin/perl
######################################################################################################################
######################################################################################################################
## DDoS Perl IrcBot v1.0 / 2012 by DDoS Security Team ## [ Help ] ###########################################
## Stealth MultiFunctional IrcBot writen in Perl #######################################################
## Teste on every system with PERL instlled ## !u @system ##
## ## !u @version ##
## This is a free program used on your own risk. ## !u @channel ##
## Created for educational purpose only. ## !u @flood ##
## I'm not responsible for the illegal use of this program. ## !u @utils ##
######################################################################################################################
## [ Channel ] #################### [ Flood ] ################################## [ Utils ] ###########################
######################################################################################################################
## !u @join <#channel> ## !u @udp1 <ip> <port> <time> ## !u @cback <ip> <port> ##
## !u @part <#channel> ## !u @udp2 <ip> <packet size> <time> ## !u @downlod <url+path> <file> ##
## !u !uejoin <#channel> ## !u @udp3 <ip> <port> <time> ## !u @portscan <ip> ##
## !u !op <channel> <nick> ## !u @tcp <ip> <port> <packet size> <time> ## !u @mail <subject> <sender> ##
## !u !deop <channel> <nick> ## !u @http <site> <time> ## <recipient> <message> ##
## !u !voice <channel> <nick> ## ## !u pwd;uname -a;id <for example> ##
## !u !devoice <channel> <nick> ## !u @ctcpflood <nick> ## !u @port <ip> <port> ##
## !u !nick <newnick> ## !u @msgflood <nick> ## !u @dns <ip/host> ##
## !u !msg <nick> ## !u @noticeflood <nick> ## ##
## !u !quit ## ## ##
## !u !uaw ## ## ##
## !u @die ## ## ##
## ## ## ##
######################################################################################################################
######################################################################################################################