Re:Destructive botnet originating from Japan

[chuck goolsbee]

> Well it appears that bad code always seems to be the root of 
> problems, according to our research today the problem appears to be 
> caused by incorrectly written PHP applications that perform includes 
> using a string without running any validation against the string:

The truly frightening thing about an exploit using PHP is that the 
"bad code" can be as much user-generated as it is 
developer-generated. In other words, the clueless webmaster who 
copy/pastes code can unwittingly lead to the compromise of a server 
that s/he has even very limited user-level access on.

That and the vast variation of PHP versions we see still in use on 
various colo servers.


Another year, yet another variation of whack-a-mole.


--chuck goolsbee