A tool used by cybercriminals that exploit Linux.PNScan.1, Linux.BackDoor.Tsunami.133, and Linux.BackDoor.Tsunami.144. This malicious program is written in Perl and can be controlled using IRC (Internet Relay Chat).
The main purpose of this program is to look for vulnerabilities in websites created on WordPress, Joomla, e107, and WHMCS platforms and in websites which use such online-store management systems as Zen Cart and osCommerce. The total number of vulnerabilities that can be detected by the malicious program is 24.
If a search run by the malware returns positive results, the PHP.Shell.4 script (0ffb0e2a303dc2a4bb55b4e4b6197acd9edde3bf) gets installed on the compromised website.