PHP_SHELLY.SMD
August 15, 2013
ALIASES: Backdoor:PHP/Shell.C (Microsoft), W32.IRCBot (Symantec), Backdoor.PHP.AMJ (F-Secure), PHP/IRCBOT.EZ.1 (Antivir), PHP/Pbot.D (F-Prot), PHP.ShellExec (ClamAV), PHP/IRCBot.KJ!tr.bdr (Fortinet), Backdoor.PHP.Pbot (Ikarus), NetTool.PHP.Pbot.a (VBA32)
PLATFORM: Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:
Threat Type: Backdoor
Destructiveness: No
Encrypted:
In the wild: Yes
TECHNICAL DETAILS
File Size: Varies
File Type: Script
Memory Resident: No
Initial Samples Received Date: 01 Sep 2011
NOTES:
This is the Trend Micro detection for PHP scripts on compromised Web servers that wait for a connection from a remote host. Once a connection is established, a remote malicious user may execute malicious commands that are passed as parameters in HTTP requests.