PHP Configuration Misused for Injecting Malware
According to Sucuri Security, a Web-security company, cyber-criminals are exploiting one particular PHP configuration setting to inject malware into websites hosted on 24/7 active VPS (Virtual Private Servers) that they have already compromised.
The development has apparently resulted in a large number of websites being contaminated with malicious, invisible iframes, which is cause for much concern.
David Dede, security researcher at Sucuri, stated that the company was waiting to know about the servers under the criminals' control, while the php.ini file of one particular server (/etc/php/php.ini) contained an added setting, namely ;auto_append_file = "0ff". ARTECH-news.com published this on December 24, 2011.
Moreover, as per the PHP documentation, the auto_append_file directive specifies the name of a file that is automatically parsed after the main file. That file is included as if it had been called with the PHP require() function, and the setting applies across the server.
Dede explained that it was possible to access some dozens of Web servers carrying the said malware; still, through crawling, some thousands of websites were identified as having the same malicious component, suggesting that a common method was being used to hijack all of them.
That single line in php.ini causes every PHP script to have the output of the Off (/tmp/Off) file appended to it. Thus, although the website's own files appear completely clean, the malware continues to be served to visitors.
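The following Python check is an added example, not code from Sucuri or from the original article. It audits the text of a php.ini for auto_append_file and auto_prepend_file entries, honouring comments and the "last assignment wins" rule. The function name, the list of risky directories and the sample file are assumptions built around the values the article reports.

```python
import re

# Directives that make PHP run an extra file around every script.
WATCHED = ("auto_append_file", "auto_prepend_file")
# Assumption: world-writable locations where a legitimate include is unlikely.
RISKY_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
LINE = re.compile(r'^\s*(;?)\s*(\w+)\s*=\s*(.*?)\s*$')

def audit_php_ini(text):
    """Return sorted (line, directive, value, status) findings for php.ini text."""
    active, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)
        if not m or m.group(2).lower() not in WATCHED:
            continue
        commented, name = m.group(1) == ";", m.group(2).lower()
        # Simplification: anything after ';' is treated as a trailing comment.
        value = m.group(3).split(";", 1)[0].strip()
        if value.lower() == "none":      # PHP's special value that disables it
            value = ""
        value = value.strip("\"'")
        if commented:
            if value:   # inactive, but a stock php.ini ships these lines empty
                findings.append((lineno, name, value, "commented-with-value"))
        else:
            active[name] = (lineno, value)   # the last assignment wins
    for name, (lineno, value) in active.items():
        if value:
            status = "active-risky" if value.startswith(RISKY_DIRS) else "active"
            findings.append((lineno, name, value, status))
    return sorted(findings)

# Constructed sample: stock-style empty entries plus the values from the article.
SAMPLE_INI = '''\
[PHP]
; Automatically add files after PHP document.
auto_prepend_file =
auto_append_file =
;auto_append_file = "0ff"
auto_append_file = "/tmp/Off"   ; constructed line for this example
'''

if __name__ == "__main__":
    for finding in audit_php_ini(SAMPLE_INI):
        print(finding)
```

Any non-empty active value deserves a look at the referenced file; one pointing into a temporary directory is the pattern described above.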
Security Researcher Elad Sharf of Websense, another Web-security company, stated that attacks using the described method had by now been going on for several months. According to him, it was one of the major mass-injection campaigns that were known and even followed. PC World published this on December 23, 2011.
Security Researcher Denis Sinegubko, who also designed the website scanner 'Unmask Parasites', stated that one more technique was to create a blank .php file in the site's top-level directory and then scan the corresponding URL with any website scanner available for free online. If a detection emerged, the webmaster(s) must report the problem to their hosting vendors. PC World published this.
» SPAMfighter News - 04-01-2012