Re: cyberweaponry

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 31 May 2012 13:21:07 -0400, Tedd Sperling wrote:

>[...]
>I watched a interview today where an security expert claimed that 
>the Flame Virus was written in a scripted language named lua 
>(http://www.lua.org/).

That's surprising... I'm intrigued, can you supply a link?

>He said that this was unusual because typically such viruses are
>written in languages like Ruby-on-Rails and such.

Um, really? I very much doubt that. AFAIK, most true viruses are written
in a compiled language, and many trojans as well. RoR websites would
definitely be a vulnerability target though...

>So, my question to the group -- has PHP produced any viruses? If not, 
>could it? If so, can anyone elaborate on the details?

It's unlikely to be used for viruses per se, even trojans. Mainly, it's
a target of vulnerability hacks due to the low level of entry to
building websites in PHP and some (now deprecated) truly awful features
like register globals. But even professionally written PHP can serve as
a hack target, as seen in the Plesk fiasco earlier this year:

http://arstechnica.com/business/2012/02/plesk-control-panel-bug-left-ftc-sites-and-thousands-more-exposed-to-anon/
( http://preview.tinyurl.com/8xxjcsj )

I've been burned by that one personally when the servers some customers'
sites are hosted on were taken down by a series of failures triggered by
that hack. The host proudly told me that their security was fine and
that it was WordPress that must have been hacked (because the malware
found was in scripts hidden in the various WP folders). They got awful
busy after reading that link though.
--
Ross McKay, Toronto, NSW Australia
"A just machine to make big decisions
 Programmed by fellows with compassion and vision
 We'll be clean when their work is done
 We'll be eternally free yes and eternally young
 What a beautiful world this'll be
 What a glorious time to be free..." - Donald Fagan

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux