
C99Shell Malware Backdoor.PHP.Agent


  • C99Shell Malware Backdoor.PHP.Agent

    In my Windows C:\Users\axew3\Downloads folder I found a file named ajax_start.txt.
    I had noticed some strange localhost requests, flagged by Comodo Internet Security: first to the eMule ports while it was running, where, when asked by the firewall, I had let the port communicate with these requests, and afterwards to my localhost, where at every request I chose to deny access (but looking at the code, that is maybe not sufficient). Who on earth could be trying to get access to my Apache/SQL/PHP server?
    I found the answer by looking inside the ajax_start.txt file, which contains exploit code. Was http://ccteam.ru/ the site that someone attempted to hack, using a backdoor to access and use my server for this, or was http://ccteam.ru/ the host from which this code was called, executed (and also updated!) to gain access to my Windows Apache PHP local server and to get a backdoor? I think the second one, also after reading this article: http://blog.malwaremustdie.org/2012/...n-go-from.html.
    What I still have not understood is where this file was injected into my download folder from. The most probable answer to me is through the browsers I use to navigate certain sites, but I could be wrong, and instead the eMule requests were the cause that led to the download of ajax_start.txt.

    This is the ajax_start.txt file that contains the malware:
    ajax_start.txt
    Unfortunately something went wrong for this c99 smoker (this is very hard to understand for somebody), and the code injection/execution stopped... maybe, I think, luckily for me.