Php.net Compromised, Used To Attack Visitors - Webmasters - Nairaland
Nairaland Forum / Science/Technology / Webmasters / Php.net Compromised, Used To Attack Visitors (594 Views)
How I Increased My Website Traffic To 1000 Unique Visitors Daily / Economic And Financial Crimes Commission (efcc) Website Compromised (2) (3) (4)
| Php.net Compromised, Used To Attack Visitors by Slyr0x: 7:55am On Oct 26, 2013 |
Visitors to the official website for the PHP programming language over the past couple of days might have had their computers infected with malware. Hackers managed to inject malicious JavaScript code into a file on the php.net site called userprefs.js. The code made requests to a third-party website that scanned visitors' browsers for vulnerable plug-ins and executed exploits that, if successful, installed a piece of malware, said Daniel Peck, a research scientist at Barracuda Networks. One of Barracuda's research tools detected and captured attack traffic from php.net late Tuesday evening, according to Peck. The exploits served during the attack came in the form of malicious SWF files, so they most likely targeted vulnerabilities in Adobe Flash Player. However, Barracuda's researchers are still conducting their analysis and haven't identified yet exactly which vulnerabilities were targeted, Peck said. It's also not clear what the program installed by the exploits does or if it's part of a known malware family. The only thing Peck could say about it is that it tries to connect to around three dozen different command-and-control servers around the world and successfully establishes communication with four of them. The php.net site was blacklisted early Tuesday by Google Safe Browsing, a service used by Google Search, Google Chrome and Mozilla Firefox to prevent users from visiting malicious websites. As a result, Chrome and Firefox users who tried to access php.net over the course of several hours Thursday were warned that the site contained malware. The PHP Group, which maintains the php.net website and the PHP distribution packages, initially thought the warning was the result of a Google Safe Browsing detection error. "It appears Google has found a false positive and marked all of http://php.net as suspicious," Rasmus Lerdorf, the creator of PHP, said on Twitter. But a more in-depth investigation revealed that the userprefs.js file had been modified repeatedly as a result of an intrusion, the PHP Group said in a message on php.net. "We are still investigating how someone caused that file to be changed, but in the meantime we have migrated www/static to new clean servers," the group said, adding that there's no evidence of the compromise extending to the PHP distribution files. http://www.computerworld.com/s/article/9243524/PHP.net_compromised_used_to_attack_visitors |
| Re: Php.net Compromised, Used To Attack Visitors by mrperfect(m): 11:47pm On Oct 26, 2013 |
They targeted wrong group, the guys will figure it and use that to help people (users) |
| Re: Php.net Compromised, Used To Attack Visitors by Djtm(m): 11:56pm On Oct 26, 2013 |
When last did I visit php.net? *thinking* |
| Re: Php.net Compromised, Used To Attack Visitors by web2X: 3:15am On Oct 27, 2013 |
This attack is a big hit. They'll figure it out though. Google safe browsing seems to be pretty smart. |
(1) (Reply)
Kudos To Quickteller / Joomla SMS Component & GSM Database (local Govt. By Local Govt -new Update) / Please Is There Any Alternative Apns On Mtn?
(Go Up)
| Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 11 |