VirusPHP/C99Shell.IR!tr.bdr
Analysis
PHP/C99Shell.IR!tr.bdr is a backdoor trojan that allows an attacker to perform actions on a compromised system.
- Creates a web form with fields named "Command" and "Upload File".
- The "Command" field allows an attacker to execute shell commands by using PHP's shell_exec function.
- The "Upload File" field allows an attacker to upload files to the compromised system's current working directory.
- The following is the web form that is created::
- Figure 1: Created web form.
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-10-08 | 72.18000 | Sig Updated |