PHP_C99SHELL.BB
November 19, 2012
ALIASES:
Backdoor.PHP.C99Shell.BK (FSecure)
PLATFORM:
Windows 2000, Windows XP, Windows Server 2003
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
Threat Type: Backdoor
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This backdoor executes when a user accesses certain websites where it is hosted.
TECHNICAL DETAILS
File Size: 217,506 bytes
File Type: Script
Memory Resident: Yes
Initial Samples Received Date: 28 Feb 2012
Arrival Details
This backdoor executes when a user accesses certain websites where it is hosted.
Other Details
This backdoor connects to the following possibly malicious URL:
- http://{BLOCKED}m.ru/releases/c99shell
- http://{BLOCKED}m.ru/update/c99shell
- http://{BLOCKED}m.ru/files/c99sh_sourcesl