[linux-team] the first step in a new direction of PHP virus
PHP.NewWorld Virus represents the first step in a new direction of virus
writing in the year 2001
MEDINA, Ohio, January 5, 2001 – Central Command, a leading provider of PC
anti-virus software and computer security services, and its partners today
announced the discovery of PHP.NewWorld, the first virus using the Hypertext
Preprocessor (PHP) scripting language.
PHP (www.php.net) is one of the most popular scripting languages used in
the development of e-commerce and content-heavy websites. It gained its
popularity thanks to its user-friendly programming features and its
cross-platform compatibility across Windows, Linux, and UNIX
environments.
“This virus is not dangerous in any kind, but it can be modified to have a
very destructive payload and marks a new step towards a new virus
generation,” said Steven Sundermeier, Product Manager at Central Command,
Inc.
The PHP programming language has become a standard in dynamic website
development. A majority of websites that incorporate user interaction and
personalization rely on PHP, making it an appealing target for virus
writers.
“Because the PHP language is absolutely free, we are anticipating that
copycats of this PHP script virus will become prominent and will have much
more damaging consequences in the near future,” concluded Sundermeier.
PHP.NewWorld spreads within the system when an infected script is executed.
The spreading method does not allow the virus to leave the infected machine.
Description of PHP.NewWorld:
Name: PHP.NewWorld
Alias: None
Detection included in AVX Professional: 2001-01-05
Spreading method: uses PHP script functions
Description:
PHP.NewWorld looks for .php, .hm, .html or .htt files in the C:\Windows
directory. All files found with these extensions will become infected. When
a user executes a .php file, the virus body will be executed from an
external file and will take full control. If the string “NewWorld.PHP” is
found to exist already, the infection routine is not launched again, so a
file is not infected twice.
PHP.NewWorld has no activation date. The virus cannot spread beyond the
infected system.
[ linux-team@rtfm.be and linux@lists.linuxbe.org in ONE :) ]
[ To subscribe or unsubscribe, go to http://linuxbe.org/ml.php ]
[ http://LinuxBe.org - http://OpenBe.net - listmaster@linuxbe.org ]