Destructive botnet originating from Japan
chuck goolsbee
chucklist at forest.net
Sun Dec 25 17:19:04 UTC 2005
>Well it appears that bad code always seems to be the root of
>problems, according to our research today the problem appears to be
>caused by incorrectly written PHP applications that perform includes
>using a string without running any validation against the string:
The truly frightening thing about an exploit using PHP is that the
"bad code" can be as much user-generated as it is
developer-generated. In other words, the clueless webmaster who
copy/pastes code can unwittingly lead to the compromise of a server
that s/he has even very limited user-level access on.
That and the vast variation of PHP versions we see still in use on
various colo servers.
Another year, yet another variation of whack-a-mole.
--chuck goolsbee
More information about the NANOG
mailing list