[CS-FSLUG] PHP question

Ed Hurst ehurst at asisaid.com
Wed May 21 07:34:00 CDT 2008


Josiah Ritchie wrote:
> On Wed, May 21, 2008 at 8:09 AM, Ed Hurst <ehurst at asisaid.com> wrote:
>> I spotted a warning on a forum about a virus which directs servers to
>> pull down a PHP file scattered around the Net. Since I'm running FreeBSD
>> and no web services, I decided to see what was in this file. It had one
>> line:
>>
>>   ::H
>>
>> Just how big of a threat is this?
> 
> I'm no PHP master, but this doesn't look like anything related to
> valid syntax to me.

So I thought, but this whole thing may turn out to be an elaborate hoax.
Maybe I should have given more info upfront. Here's the message I saw:

------------
There is a virus going around that is attacking web servers. It asks
your web server to request a file PT.PHP from some random server.

The file contains garbage and if your server doesn't complete the
request, about a week later it will be barraged with a .dll file that
will attempt to take over your computer.

[snip irrelevance]

I telnetted to my home computer and found the log with the actual request...

   GET http://iluxa1.rifo.net/pt.php HTTP/1.0

Now any request to iluxa1.rifo.net will put your IP on a list to get
barraged with .dll file requests.
-------------

-- 
Ed Hurst
------------
Associate Editor, Open for Business: http://ofb.biz/
Applied Bible - http://ed.asisaid.com/index.html
Kiln of the Soul - http://soulkiln.blogspot.com/
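
The request line quoted in the forum message carries a full URL instead of a path, which is the form a client sends to a proxy. As an added example (not part of the original thread), this script finds such requests in an access log, assuming Common Log Format. The log lines are constructed, the function names are hypothetical, and the CONNECT case goes beyond the single GET shown above.

```python
import re
from urllib.parse import urlsplit

# Common Log Format: host ident user [time] "request" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

# Constructed sample lines (documentation IP ranges). The host name and
# path in the second line are the ones quoted in the message above.
SAMPLE_LOG = """\
192.0.2.10 - - [21/May/2008:07:01:12 -0500] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [21/May/2008:07:02:40 -0500] "GET http://iluxa1.rifo.net/pt.php HTTP/1.0" 404 209
203.0.113.5 - - [21/May/2008:07:03:05 -0500] "GET http://www.example.org/ HTTP/1.1" 200 5120
198.51.100.7 - - [21/May/2008:07:04:11 -0500] "CONNECT mail.example.net:25 HTTP/1.0" 405 0
"""

def find_foreign_requests(log_text, own_hosts):
    """Return (client, method, target_host, status) for every request
    whose target names a host this server does not serve."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue
        client, _when, request, status = m.group(1, 2, 3, 4)
        parts = request.split()
        if len(parts) != 3:
            continue  # malformed request line
        method, target, _version = parts
        if method.upper() == "CONNECT":
            host = target.rsplit(":", 1)[0]          # host:port form
        elif "://" in target:
            host = urlsplit(target).hostname or ""   # full-URL form
        else:
            continue  # ordinary path request for this server
        if host.lower() not in own:
            hits.append((client, method, host.lower(), int(status)))
    return hits

def answered_ok(hits):
    """Hits answered with 2xx: the server may be relaying for strangers."""
    return [h for h in hits if 200 <= h[3] < 300]

if __name__ == "__main__":
    for hit in find_foreign_requests(SAMPLE_LOG, {"www.example.org"}):
        print(hit)
```

A 4xx status on a hit means the server refused the request; a 2xx on a foreign host is the case to investigate.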
