A while back casus15.php was being found on a number of servers. According to one source at the time "Its a script that was created to excute system commands on your server using the system() function.". If you're running into casus15.php please drop us a note on your determination of how it was installed at your network.
casus15.php showed up a few times at Zone-H DIGITAL ATTACKS ARCHIVE.
Googlebot's capture of one system, that caught a SSH connection, scroll to the bottom and catch;
_ENV["SSH_CONNECTION"] 220.127.116.11 4172 18.104.22.168 22
Nov 13th 2005
1 decade ago