Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]

To: Gadi Evron <ge@xxxxxxxxxxxx>
Subject: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
From: Christine Kronberg <Christine_Kronberg@xxxxxxxx>
Date: Tue, 21 Feb 2006 20:20:06 +0100 (CET)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <43FA2508.7030008@xxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <43F7A252.2040307@xxxxxxxxxxxx> <Pine.LNX.4.61.0602201749300.22544@xxxxxxxxxxxxxxxx> <43FA2508.7030008@xxxxxxxxxxxx>

On Mon, 20 Feb 2006, Gadi Evron wrote:

Christine Kronberg wrote:
On Sun, 19 Feb 2006, Gadi Evron wrote:
Today, we received a notification about a new Linux malware ItW (In theWild).
  They are not exactly new. I've seen them floating around for about
  two months now. There a different binaries running around doing the
  same work (different the way that they have been compiled on different
  linux distributions). Part of that work is to be distributed by trying
  to get in via vulnerable php scripts. Look to me like being part of a
  worm.
Indeed, the most annoying thing about the PHP worms today is that these PHPvulnerabilities being exploited are everywhere.
As I already mentioned, this recent Linux worm has more to it, but that's inanother post.


  I know. The first time I got that "double" was on 15.12.2004.
  Actually there four components to most of the attacks. There are
  the two programs you are talking about. And there are two scripts
  acting as helpers to download the stuff.

These vulnerabilities being exploited are very difficult to protect frombecause:1. PHP is the "serious" or at least open-source/Linux/security freak's choicefor web development. Mine as well (although as many still say, Perl does abetter job).


  As I'm not familiar with php I'm not sure if php is the problem.
  To me it seems more likely that problem lies in the way people
  "program" their webapplications.

2. Developing secure applications in PHP is difficult, as one of PHP'screators said recently - even to him after years of trying.
3. Staying on top of new PHP vulnerabilities has become impossible, poppingaround everywhere.


  I do not see so much php vulnerabilities but vulnerabilities in
  application written in php - written by people not thinking about
  input validation, not thinking about buffer overflows.

One note I'd like to make, is that even if the second (interesting) payloadin the Linux worm wasn't there, just because someone utilizes old malware inthe creation of new malware doesn't mean it is new, or 99.9% of any "virus"every written would be old.


  See above. The second part was in there since at least 15th of December
  last year.

  Cheers,


                                                     Christine Kronberg.

--
GeNUA mbH

Follow-Ups:
- Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
  - From: Thomas M. Payerle

References:
- new linux malware
  - From: Gadi Evron
- Re: new linux malware
  - From: Christine Kronberg
- PHP as a secure language? PHP worms? [was: Re: new linux malware]
  - From: Gadi Evron

Prev by Date: H&R Block contact
Next by Date: RE: First WMF mass mailer ItW (phishing Trojan) - think singularities
Previous by thread: PHP as a secure language? PHP worms? [was: Re: new linux malware]
Next by thread: Re: PHP as a secure language? PHP worms? [was: Re: new linux malware]
Index(es):
- Date
- Thread