Either it's not the first, or it's pretty old news...
And if it's the same old virus from before, the referenced article didn't
even bother to describe the virus and how to detect remove it, which other
articles have done -- They just hawk their wares.
Search the archives for "PHP Virus" and you're bound to find much better
references to what it's all about.
Oh yeah -- You'd pretty much have to install the virus yourself for it to
get onto your server... Last I heard, it had spread to two (2) machines.
:-^
While I don't want to downplay the importance of security, nor negate their
claims of future risks, it's a pretty uninformative article.
----- Original Message -----
From: <[EMAIL PROTECTED]>
Newsgroups: php.general
Sent: Wednesday, January 10, 2001 8:10 PM
Subject: [PHP] Websites warned over first hypertext virus, is it true?
> HI all,
> i have an article from my friend where the subject is virus in php. My
> Question is, is't true ? if yes, how to anticipate it?
>
> the article:
>
>
> > This article from vnunet.com has been sent to you by [EMAIL PROTECTED]
> >
> > who has added the following message: $#%@#^$&
> >
> > If you wish to go straight to the page from which this article was sent,
> > click here: http://www.vnunet.com/News/1116080
> >
> > Websites warned over first hypertext virus
> >
> > A potential threat to ecommerce sites has been identified with the
> > discovery of the first virus using the hypertext preprocessor (PHP)
> > scripting language.
> > PHP is one of the most popular scripting
> > languages and is used to develop ecommerce sites and those with heavy
> > content.
> > Although the virus, which was discovered by antivirus
> > software and computer services company Central Command, does not carry
> > any immediate risks, the company warned that future versions could
> > have more damaging consequences.
> > Steven Sundermeier, product manager
> > at Central Command, said: "PHP.NewWorld is what we consider a
> > proof-of-concept virus. In fact, the only way your server gets
> > infected is if you manually insert the script into your site or access
> > it through the web server."
> > Although the virus is spread by
> > executing an infected script, Sundermeier does not believe that the
> > spreading method allows the virus to leave the infected machine. But
> > he warned that in future, the PHP script could be altered to trigger a
> > more dangerous virus.
> > The majority of websites that integrate user
> > interaction and personalisation rely on PHP, making them an appealing
> > target for virus writers. "Because the PHP language is absolutely
> > free, we are anticipating that copycats of this PHP script virus will
> > become prominent and will have much more damaging consequences in the
> > near future," said Sundermeier.
> > He added that while other antivirus
> > providers require users to download a large upgrade file or patch when
> > a malicious new virus emerges, the company's AntiVirus eXpert software
> > has been updated to spot and deal effectively with the new bug.
> >
> > Security policy management, real-time management of antivirus
> > software and support for TCP/IP and HTTP communications, JavaScript
> > and ActiveX technologies are also included.
> >
>
> --------------------------------------------------------------------------
> >
> > vnunet.com is the computing and IT web site with the broadest range of
> > content in this field of any UK site. Whether you're a beginner or an
> > expert, an enthusiast or a professional, vnunet.com has something for
you.
> >
> >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > http://www.vnunet.com - your computer connection
> >
> >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> >
> > Thu Jan 11 01:49:42 GMT 2001
>
>
> Best Regards
> -JUANG-
>
> http://www.infoasia.net
> http://www.skopeonet.com
> http://www.infoasiamall.com
> http://www.laksamana.net
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
