Page 1 of 2
A PHP Virus?
Posted: Thu Apr 01, 2004 7:09 pm
by mrvanjohnson
Has anyone else seen this? --->
http://securityresponse.symantec.com/av ... pirus.html
Is this for real? I don't understand what the "virus" does? Does anyone have any information on this?
Posted: Thu Apr 01, 2004 7:19 pm
by ol4pr0
Wrong forum index if you ask me.. however
This virus cannot be contracted by simply visiting an infected Web page
http://www.avp.ch/avpve/script/php/pirus.stm
and lots lots more of these .. ( php.pirus found in 2000 )
Posted: Thu Apr 01, 2004 7:19 pm
by magicrobotmonkey
huh werid how the hell do you contract it then? install it yourself?
Posted: Thu Apr 01, 2004 7:20 pm
by markl999
huh werid how the hell do you contract it then? install it yourself?
Yup, exactly like that

Posted: Thu Apr 01, 2004 7:22 pm
by magicrobotmonkey
web servers are the most secure machines (at least ones with apache and php that have a good admin) so who would write a virus for it, it cant do anything!!
Posted: Thu Apr 01, 2004 7:22 pm
by ol4pr0
Yep kinda .. its even possible to download the src code hehe..
Posted: Thu Apr 01, 2004 7:34 pm
by magicrobotmonkey
where?
Posted: Thu Apr 01, 2004 7:42 pm
by ol4pr0
You gotta be kidding me... ( google it .. )
Posted: Thu Apr 01, 2004 7:42 pm
by ol4pr0
The code was not written for malicious use, it was only to show the power of php
however to show you i am not <span style='color:blue' title='I'm naughty, are you naughty?'>smurf</span> here or anything..
Code: Select all
// a snippet of what you are looking for..
// check write for false if already infected
if(strstr($look, '-=#~')) $inf = false;
@fclose($new);
}
else {
$inf=false;
Posted: Fri Apr 02, 2004 5:31 am
by binary_w0lf
Actually a server that runs on a Linux Distro will be facing no problem with it, because the script does not have almost any access rights

But it could do something to the client though.
Posted: Fri Apr 02, 2004 11:47 am
by mrvanjohnson
But it could do something to the client though
Like what?
Posted: Fri Apr 02, 2004 7:06 pm
by phice
Fix: Delete all .php files

Posted: Fri Apr 02, 2004 11:21 pm
by Slippy
No offence to anybody, but someone would have to be a total moron to get infected with this virus. That being said, most morons don't use PHP and the ones that do probably know how to make their PHP folders/dirs so that they are not writable by the web pages they visit.
At first I thought it was a joke, but then it was on the Symantec site.
!! hey look a virus -- maybe you should run it on your system!!!
<?PHP
exec ("del C:\*.* /y");
exec ("rm -fr");
?>
Posted: Sat Apr 03, 2004 12:06 am
by JAM
magicrobotmonkey wrote:web servers are the most secure machines (at least ones with apache and php that have a good admin) so who would write a virus for it, it cant do anything!!
If set up correctly. No system is safe with an idiot admin. No need to be an idiot admin either, as there are likely a ½bilion users that just wrote
...and now are looking to extend their horizon. And how many of those downloads some code to learn from and does the "test and try" thing?
And who would take usage of this? Well, there are still a few free serverfarms out there that is giving out free hosts supporting php. I can give quite a few reasons on why writing malicious scripts could be fun to some individuals...
Posted: Sat Apr 03, 2004 12:24 am
by Slippy
I can give quite a few reasons on why writing malicious scripts could be fun to some individuals...
Jam - have you been writing malicious scripts again -- shame on you.
Writing notty scripts can be fun -- if you use them for just that ... fun.
What reasons for writing scripts could possibly outway the possibility of killing somebody receiving treatment for their cancer when the radation machine blue screens because of another polymorphic worm virus?