The malware is a PHP webshell – a script, which when installed on a compromised system, presents a sophisticated administration platform allowing the attacker to browse the filesystem of the compromised server, upload, create, edit, download, or delete files.
filebox.php login screen
Today we found a new PHP webshell, which we have not seen before anywhere.
PHP webshell
This webshell (filebox) look very simple. It’s allow remote control files and upload more files to the server.
Final words
Websites that using Malware Expert – ModSecurity rules are protected against this webshell execution.
Use Malware Expert – Signatures detect this webshell backdoor from files for FREE!