What kind of virus is this?

Hi malware fighters,

On the look-out for Casper, I stumbled onto this site and off course, polonus would not be polonus, if he did not scan the link first: htxp://ir4dex.fileave.com/Casper2.txt The following virus was detected: Backdoor.PHP.phpShell.bh
Most probably the trojan will get transfered as a file over the cloned host unless you find the original source,

Avast detects this as PHP.C99Shell-F
See where else this resides on the web: http://support.clean-mx.de/clean-mx/viruses.php?sort=id%20desc&virusname=PHP/C99Shell.F&limit=0,50

Backdoor.PHP.C99Shell is a malicious PHP script that allows an attacker to gain complete contol over the compromised server.
This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.
Main file
contains the dropper payload
File 1
first payload
File 2
second payload

as many files as the coder chooses to include
This script may compromise Windows and Unix servers.
Troj/C99Shell-F is normally found on compromised web servers,

polonus

VirusTotal - Casper2.txt - 15/42
http://www.virustotal.com/file-scan/report.html?id=0bb7abba50b5e7507e9c0ebd647a5b623ce456b43377a1db307e64f7301587a5-1282380239