php.net Hack Confirmed

Yesterday in our article php.net Blacklisted By Google Rasmus Lerdorf, the creator of php, claimed Google reported a false positive. Today however php.net admits two of their servers were compromised with malicous JavaScript code.

From October 22nd thru the 24th the two servers infected php.net visitors committing code to projects hosted on svn.php.net or git.php.net with malicous JavaScript code. Once this was discovered the services on these two servers were migrated to a secure server and a new SSL certificate was issued.

Spokes people at php.net said, “All php.net user passwords have also been reset, but neither the source tarball downloads nor the Git repository were modified or compromised.” 

Using an unknown method criminals injected a malicous iFrame which delivered the Tepfer Trojan from the Magnitude exploit kit onto unsuspecting users. This was confirmed by security researcher Fabio Assolini at  Kaspersky Labs.

php.net is stilling working to clean up the infection.

Traffic analisys from the web information company Alexa lists php.net as the 229th most visited site in the world. This means there must have been quite a few computers infected by the malicous JavaScript.


Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s