Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re:Destructive botnet originating from Japan

  • From: chuck goolsbee
  • Date: Sun Dec 25 12:20:15 2005


Well it appears that bad code always seems to be the root of problems, according to our research today the problem appears to be caused by incorrectly written PHP applications that perform includes using a string without running any validation against the string:

The truly frightening thing about an exploit using PHP is that the "bad code" can be as much user-generated as it is developer-generated. In other words, the clueless webmaster who copy/pastes code can unwittingly lead to the compromise of a server that s/he has even very limited user-level access on.

That and the vast variation of PHP versions we see still in use on various colo servers.


Another year, yet another variation of whack-a-mole.


--chuck goolsbee





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.