
C99Shell Malware Backdoor.PHP.Agent


  • C99Shell Malware Backdoor.PHP.Agent

    In my Windows C:\Users\axew3\Downloads folder I've found a file named ajax_start.txt.
    I had noticed some strange localhost requests, alerted by Comodo Internet Security: first to eMule ports when it was running, where, when asked by the firewall, I had let the port communicate with these requests, and afterwards to my localhost, where at every request I had chosen to deny access (but looking at the code, that is maybe not sufficient). Who could ever be trying to get access to my Apache/SQL/PHP server?
    I found out the answer by looking inside the ajax_start.txt file, which contains exploit code. Was the site being attacked using a backdoor, in order to access and use my server for this, or was the host from which this code was called, executed (and also updated!) trying to gain access to my Windows Apache PHP local server and get a backdoor? I think the second one, also after reading this article:
    Afterwards, I have not understood from where this file was injected into my download folder. The most probable answer to me is through the browsers I use to navigate certain sites, but I may be wrong, and instead the eMule requests were the cause that led to the download of ajax_start.txt.

    This is the ajax_start.txt file that contains the malware:
    Unfortunately, something went wrong for this c99 smoker (this is very hard for somebody to understand), and the code injection/execution came to a stop... maybe, I think, luckily for me.