The malware is a PHP webshell – a script, which when installed on a compromised system, presents a sophisticated administration platform allowing the attacker to browse the filesystem of the compromised server to upload, create, edit, download or delete files.
Today we found this new PHP webshell from one of client server, which we have not seen before.
Marvins.php Webshell screen on Browser
PHP webshell
This webshell (Marvins) look very simple. It’s allow remote control files and upload more files to the server.
Final words
Websites that using Malware Expert – Extra ModSecurity rules are protected against this webshell execution.
Use Malware Expert – Signatures detect this webshell backdoor from files for FREE!