Here is an e-commerce website selling various items and taking payments online.
A malicious PHP script has been planted in the images folder, under an obscure name…
This is a IRC Bot that allows you to execute commands remotely.
Bots in themselves are not necesarily bad, there are in fact some legitimate uses. However, I highly doubt this one is
In the source code, you can see the name: “irc.onetcr3.com”. Onetcr3 is a group of hackers heavily involved in writing malicious bots, including exploit code for known (and maybe unknown) vulnerabilities.
They are credited for making:
a Perl IRC Bot with vBulletin DoS Exploit.
a remote shell:
There are some things that may indicate some of the guys from this group are Indonesian:
The WordPress exploit archives page shows this at the bottom:
Then there is is blog (translated from Indonesian) where what looks like an Indonesian hacker is thanking his peers:
Last but not least, someone posted on a freelancing site:
I guess one could infiltrate their IRC channel to learn more but that’s for another day