Trojan program Backdoor.PHP.C99Shell.p austrumi

b4gi · 01-20-2008, 02:28 PM

Kaspersky AV said:
"detected: Trojan program Backdoor.PHP.C99Shell.p
File: austrumi-1.5.1.iso//BOOT/AUSTRUMI.TGZ;1//austrumi.tar//./var/www/htdocs/cyti/c99.php"
What is mean?!!

MS3FGX · 01-20-2008, 02:38 PM

It means it has found a file which main contain that Trojan...

jschiwal · 01-20-2008, 04:38 PM

I think that file is a webshell.
http://en.wikipedia.org/wiki/Remote_File_Inclusion

It looks like you make a backup of a server that might be compromised.

unSpawn · 01-20-2008, 04:51 PM

Yeah, it's web-based shell written in PHP giving access to your system. Usually found on compromised boxen. If you need a shell like then it's cool. If anybody uses it to access your system without you knowing then it's obviously not. Weird stuff to put on a "rescue" CD (that's what Austrumi advertises itself as).

MS3FGX · 01-20-2008, 08:35 PM

Did you download this from an official mirror? If you grab something from an unofficial source and don't verify the MD5s, there is no telling what you have.

unixfool · 01-21-2008, 12:01 PM

Quote:

Originally Posted by MS3FGX

Did you download this from an official mirror? If you grab something from an unofficial source and don't verify the MD5s, there is no telling what you have.

You might also want to alert the maintainer of the official mirror (they may not know).