What does this PHP code do?

[rivdiv]

The attached PHP files were found in our FTP directories. I'm a .NET developer and we're not sure what they actually do. I want to make sure they're not malicious or anything like that. 

 

I feel pretty stupid asking this, but can someone take a quick look and let me know what the code actually does? 

 

(On first glance it almost looks like a standard PHP mail class but I'm not naive enough to believe it's just that.)

 

Thank you.

kenguruYd9e.zip

[rivdiv]

Attached is the second file.

kenguruW0kWD.zip

[ignace]

You'd do best to remove these files asap. They are used to mail (spam) from your server and it allows them to send arbitrary cmd's to your server. In the order of # rm -rf /

[rivdiv]

You'd do best to remove these files asap. They are used to mail (spam) from your server and it allows them to send arbitrary cmd's to your server. In the order of # rm -rf /

 

Thanks. (We did remove them as soon as we discovered them.)

[ignace]

Simply removing them is not sufficient. You need to change your FTP credentials and try to track down how they were placed on your server and fix it.

[rivdiv]

Simply removing them is not sufficient. You need to change your FTP credentials and try to track down how they were placed on your server and fix it.

True. We had changed our credentials as well... but we have yet to find the source. Thanks for the suggestions.