The malware is a PHP webshell – a script, which when installed on a compromised system, presents a sophisticated administration platform allowing the attacker to browse the filesystem of the compromised server to upload, create, edit, download, or delete files.
Today we found this new PHP webshell from one of the client servers, which we have not seen before.
Marvins.php Webshell screen on Browser
PHP webshell
This webshell (Marvins) look very simple. It’s allow remote control files and upload more files to the server.
Final words
Websites that using Malware Expert – Extra ModSecurity rules are protected against this webshell execution.
Use Malware Expert – Signatures detect this webshell backdoor from files for FREE!