On Thu, 31 May 2012 13:21:07 -0400, Tedd Sperling wrote: >[...] >I watched a interview today where an security expert claimed that >the Flame Virus was written in a scripted language named lua >(http://www.lua.org/). That's surprising... I'm intrigued, can you supply a link? >He said that this was unusual because typically such viruses are >written in languages like Ruby-on-Rails and such. Um, really? I very much doubt that. AFAIK, most true viruses are written in a compiled language, and many trojans as well. RoR websites would definitely be a vulnerability target though... >So, my question to the group -- has PHP produced any viruses? If not, >could it? If so, can anyone elaborate on the details? It's unlikely to be used for viruses per se, even trojans. Mainly, it's a target of vulnerability hacks due to the low level of entry to building websites in PHP and some (now deprecated) truly awful features like register globals. But even professionally written PHP can serve as a hack target, as seen in the Plesk fiasco earlier this year: http://arstechnica.com/business/2012/02/plesk-control-panel-bug-left-ftc-sites-and-thousands-more-exposed-to-anon/ ( http://preview.tinyurl.com/8xxjcsj ) I've been burned by that one personally when the servers some customers' sites are hosted on were taken down by a series of failures triggered by that hack. The host proudly told me that their security was fine and that it was WordPress that must have been hacked (because the malware found was in scripts hidden in the various WP folders). They got awful busy after reading that link though. -- Ross McKay, Toronto, NSW Australia "A just machine to make big decisions Programmed by fellows with compassion and vision We'll be clean when their work is done We'll be eternally free yes and eternally young What a beautiful world this'll be What a glorious time to be free..." - Donald Fagan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
