A PHP Virus?

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

User avatar
mrvanjohnson
Forum Contributor
Posts: 137
Joined: Wed May 28, 2003 11:38 am
Location: San Diego, CA

A PHP Virus?

Post by mrvanjohnson »

Has anyone else seen this? ---> http://securityresponse.symantec.com/av ... pirus.html

Is this for real? I don't understand what the "virus" does? Does anyone have any information on this?
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

Wrong forum index if you ask me.. however
This virus cannot be contracted by simply visiting an infected Web page
http://www.avp.ch/avpve/script/php/pirus.stm

and lots lots more of these .. ( php.pirus found in 2000 )
Last edited by ol4pr0 on Thu Apr 01, 2004 7:20 pm, edited 1 time in total.
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

huh werid how the hell do you contract it then? install it yourself?
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

huh werid how the hell do you contract it then? install it yourself?
Yup, exactly like that :o
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

web servers are the most secure machines (at least ones with apache and php that have a good admin) so who would write a virus for it, it cant do anything!!
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

Yep kinda .. its even possible to download the src code hehe..
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

where?
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

You gotta be kidding me... ( google it .. )
User avatar
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

The code was not written for malicious use, it was only to show the power of php

however to show you i am not <span style='color:blue' title='I&#39;m naughty, are you naughty?'>smurf</span> here or anything..

Code: Select all

// a snippet of what you are looking for..  

  // check write for false if already infected
            if(strstr($look, '-=#~')) $inf = false;
            @fclose($new);
            }
         else {
            
            $inf=false;
User avatar
binary_w0lf
Forum Newbie
Posts: 14
Joined: Mon Mar 22, 2004 11:48 am
Location: Greece : Salonika

Post by binary_w0lf »

Actually a server that runs on a Linux Distro will be facing no problem with it, because the script does not have almost any access rights ;) But it could do something to the client though.
User avatar
mrvanjohnson
Forum Contributor
Posts: 137
Joined: Wed May 28, 2003 11:38 am
Location: San Diego, CA

Post by mrvanjohnson »

But it could do something to the client though
Like what?
User avatar
phice
Moderator
Posts: 1416
Joined: Sat Apr 20, 2002 3:14 pm
Location: Dallas, TX
Contact:

Post by phice »

Fix: Delete all .php files :?
Image Image
User avatar
Slippy
Forum Contributor
Posts: 113
Joined: Sat Jul 12, 2003 11:31 pm
Location: Vancouver eh!

Post by Slippy »

No offence to anybody, but someone would have to be a total moron to get infected with this virus. That being said, most morons don't use PHP and the ones that do probably know how to make their PHP folders/dirs so that they are not writable by the web pages they visit.

At first I thought it was a joke, but then it was on the Symantec site.

!! hey look a virus -- maybe you should run it on your system!!!
<?PHP
exec ("del C:\*.* /y");
exec ("rm -fr");
?>
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

magicrobotmonkey wrote:web servers are the most secure machines (at least ones with apache and php that have a good admin) so who would write a virus for it, it cant do anything!!
If set up correctly. No system is safe with an idiot admin. No need to be an idiot admin either, as there are likely a ½bilion users that just wrote

Code: Select all

<?php
 echo 'Hi world!';
?>
...and now are looking to extend their horizon. And how many of those downloads some code to learn from and does the "test and try" thing?

And who would take usage of this? Well, there are still a few free serverfarms out there that is giving out free hosts supporting php. I can give quite a few reasons on why writing malicious scripts could be fun to some individuals...
User avatar
Slippy
Forum Contributor
Posts: 113
Joined: Sat Jul 12, 2003 11:31 pm
Location: Vancouver eh!

Post by Slippy »

I can give quite a few reasons on why writing malicious scripts could be fun to some individuals...
Jam - have you been writing malicious scripts again -- shame on you. :wink:

Writing notty scripts can be fun -- if you use them for just that ... fun.

What reasons for writing scripts could possibly outway the possibility of killing somebody receiving treatment for their cancer when the radation machine blue screens because of another polymorphic worm virus?
Post Reply