Destructive botnet originating from Japan

• Previous message (by thread): Destructive botnet originating from Japan
• Next message (by thread): Destructive botnet originating from Japan
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Well it appears that bad code always seems to be the root of 
>problems, according to our research today the problem appears to be 
>caused by incorrectly written PHP applications that perform includes 
>using a string without running any validation against the string:


The truly frightening thing about an exploit using PHP is that the 
"bad code" can be as much user-generated as it is 
developer-generated. In other words, the clueless webmaster who 
copy/pastes code can unwittingly lead to the compromise of a server 
that s/he has even very limited user-level access on.

That and the vast variation of PHP versions we see still in use on 
various colo servers.


Another year, yet another variation of whack-a-mole.


--chuck goolsbee

• Previous message (by thread): Destructive botnet originating from Japan
• Next message (by thread): Destructive botnet originating from Japan
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]