Possible malicous file

technobabble

I found a file called maile.php on the server.

First lines make me think it could be malware:

"mailer inbox, mailer inbox to all, inbox 2013, inbox 2014, send inbox, send inbox to hotmail aol gmail, script mailer inbox, how to send inbox, send anonymous emails, alboraaq send inbox, unlimitid send inbox,by rocky & poter

TEAM ALBORAAQ
CONTACT[at]ALBORAAQ[dot]COM
HTTP://WWW.ALBORAAQ.COM
( TOOLS - 2014 ) "

Is there a way I can find out if it really is malware?

scottalanmiller

Looks like Malware to me. There are online submissions sites for this stuff.

scottalanmiller

http://scanthis.net/

technobabble

Thanks, scanning now. Sucuri didn't find anything which I had tried before posting.

Nic

You could try here too:
https://www.virustotal.com/

technobabble

Took a chance to download the file and then upload to http://virustotal.com.

So far: PHP.Agent-AQ[Trj], VULCB21.Webshell, Trojan Mailfinder.PHP.Mailer.ac (and .p)

Thanks guys...time to boot this customer.

MattSpeller

A Former User

@technobabble said:

Thanks guys...time to boot this customer.

Booting a customer for a virus? does that mean we can do end user replacements too if they get viruses?

Dashrender

@thecreativeone91 said:

@technobabble said:

Thanks guys...time to boot this customer.

Booting a customer for a virus? does that mean we can do end user replacements too if they get viruses?

I was wondering that too... booting a client because of a virus?

MattSpeller

@thecreativeone91 said:

does that mean we can do end user replacements too if they get viruses?

YES.

Although I don't know where we're going to find completely new staff for every business ever.

A Former User

@MattSpeller said:

@thecreativeone91 said:

does that mean we can do end user replacements too if they get viruses?

YES.

Although I don't know where we're going to find completely new staff for every business ever.

Plenty of people looking for jobs out there.

Dashrender

@thecreativeone91 said:

@MattSpeller said:

@thecreativeone91 said:

does that mean we can do end user replacements too if they get viruses?

YES.

Although I don't know where we're going to find completely new staff for every business ever.

Plenty of people looking for jobs out there.

But do you want to hire those people?

technobabble

@thecreativeone91

LOL...no, the customer seemed sketchy when he signed up for hosting services and then added that file to the server. So booting = cancelling his service.

scottalanmiller

@technobabble said:

@thecreativeone91

LOL...no, the customer seemed sketchy when he signed up for hosting services and then added that file to the server. So booting = cancelling his service.

Oh, you are thinking that it was intentional?

technobabble

@scottalanmiller Yep...just checked with my cc provider and they have been trying to buy products and the cards are failing multiple times...I'm calling this fraud and scamming.

dafyre

@technobabble Report his {censored} <content removed by moderator> @)(#&$)@&#$ to the Feds.

Reid Cooper

@technobabble said:

@scottalanmiller Yep...just checked with my cc provider and they have been trying to buy products and the cards are failing multiple times...I'm calling this fraud and scamming.

Sounds like it is time to run away.