Update 'malware4.pl'

malware4.pl

@@ -51,6 +51,11 @@ my @regexen = (
 	qr/<\?php\s+if\(isset\(\$\_POST\[chr\(100\).+?<h1>Object\s+not\s+found\!<\/h1>.+?<h2>Error\s+404<\/h2>\s+<\/body>\s+<\/html>/is,
     qr/<\?php\s+\$([A-z0-9]{1,20})\=chr\(97\)\.chr\(117\)\.\"t\"\.chr\(104\)\.\"\_\"\.\"p\"\.\".+?\"\.\"s\"\.chr\(115\)\;.+?\)\)\;\s+\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#\#/is,
     qr/<\?\s+\$GLOBALS\[\'\_([0-9]{1,20})\_\'\]\=Array\(base64\_decode\(.+?return.+?round\(.+?\)\;\}/is,
+    qr/<IfModule\s+mod\_rewrite\.c>\s+\RewriteEngine\s+On\s+RewriteCond\s+\%\{HTTP\_REFERER\}\s+\^\.\*\(google\|ask\|yahoo.+?\/index\_backup\.php\?query\=\$1\s+\[QSA\,L\]\s+<\/IfModule>/is,
+    qr/<\?php\s+if\s+\(isset\(\$\_GET\[\'jpg\'\]\)\)\s+\{\s+\header\(\s+\'Content\-Type\:\s+image\/jpeg\'\s+\)\;\s+readfile\(\'http\:\/\/.+?\.jpg\'\)\;\s+\exit\(\)\;\s+\}\s+header\(\'Location\:\s+http\:\/\/.+?\'\)\;\s+exit\(\)\;/is,
+    qr/function\s+l\_\_1\(\$.+?function\s+l\_\_3\(\$\_2\)\{if\(\$GLOBALS\[\Z/is,
+    qr/<\?php\s+\$GLOBALS\[\'\_([0-9]{1,20})\_\'\]\=Array\(base64\_decode\(.+?return\s+base64\_decode\(\$a\[\$i\]\)\;\}.+?\$GLOBALS\[\'\_([0-9]{1,20})\_\'\]\[.+?\s+exit\(\)\;\Z/is,
+ 
 
     
 );