PHP/WebShell [Threat Name] go to Threat

PHP/WebShell.NAG [Threat Variant Name]

Category trojan
Aliases PHP.Backdoor.Trojan (Microsoft)
  Backdoor.PHP.ASQ (BitDefender)
Short description

The trojan serves as a backdoor. It can be controlled remotely.


The trojan does not create any copies of itself.

The trojan is usually found in the following folder:

  • %webserverdocumentsrootfolder%
Other information

The trojan acquires data and commands from a remote computer or the Internet. The HTTP protocol is used.

It can execute the following operations:

  • execute shell commands
  • execute SQL commands
  • download files from a remote computer and/or the Internet
  • run executable files
  • various filesystem operations
  • collect information about the operating system used
  • send open TCP and UDP port numbers to a remote computer
  • open ports
  • brute-force logins for          FTP, MySql, PostgreSql
  • send list of installed applications
  • send gathered information

Some examples follow.

Please enable Javascript to ensure correct displaying of this content and refresh this page.