PHP.net przejęte i użyte do zaatakowania odwiedzających

[ichito]

PHP.net compromised and used to attack visitors

Attackers injected malicious JavaScript code into the site, redirecting some visitors'' browsers to Flash exploits

By Lucian Constantin, IDG News Service
October 24, 2013 08:21 PM ET

IDG News Service - Visitors to the official website for the PHP programming language over the past couple of days might have had their computers infected with malware.

Hackers managed to inject malicious JavaScript code into a file on the php.net site called userprefs.js. The code made requests to a third-party website that scanned visitors'' browsers for vulnerable plug-ins and executed exploits that, if successful, installed a piece of malware, said Daniel Peck, a research scientist at Barracuda Networks.
(...)
The exploits served during the attack came in the form of malicious SWF files, so they most likely targeted vulnerabilities in Adobe Flash Player. However, Barracuda''s researchers are still conducting their analysis and haven''t identified yet exactly which vulnerabilities were targeted, Peck said.

It''s also not clear what the program installed by the exploits does or if it''s part of a known malware family. The only thing Peck could say about it is that it tries to connect to around three dozen different command-and-control servers around the world and successfully establishes communication with four of them.

The php.net site was blacklisted early Tuesday by Google Safe Browsing, a service used by Google Search, Google Chrome and Mozilla Firefox to prevent users from visiting malicious websites. As a result, Chrome and Firefox users who tried to access php.net over the course of several hours Thursday were warned that the site contained malware. (...)

Źródło

[Aby zobaczyć linki, zarejestruj się tutaj]