The virus is super simple. It simple inserts an include statement to
itself in PHP and HTML files it can find. Of course this is only dangerous
on server side. You can NOT get it by visiting a PHP file on a remote web
server.
...Eric
At 12:53 PM 11/30/2000 -0500, Ryan W. Maple wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>I ran across this URL today (saw it on linuxtoday):
>
> http://www.sarc.com/avcenter/venc/data/php.pirus.html
>
>Does anybody actually have this? I'm curious to see exactly what it does.
>The "advisory" is very sketchy and does not offer any links to anything
>useful pertaining to the "virus".
>
>Thanks,
>Ryan
>
> +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
> Ryan W. Maple "I dunno, I dream in Perl sometimes..." -LW
> Guardian Digital, Inc. ryan_at_guardiandigital.com
> +-- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --+
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.0.4 (GNU/Linux)
>Comment: For info see http://www.gnupg.org
>
>iD8DBQE6JpQHIwAIA9MpKWcRAt7eAJ41LgToo29545FJ2sw3EnfcTbi4fwCggFts
>yS2kKvy/EuYO2NYZHTkie3c=
>=aZGe
>-----END PGP SIGNATURE-----
>
Received on Dec 02 2000
Intro
