ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

PHP virus sparks debate

Will Knight ZDNet.co.uk

Published: 08 Jan 2001 11:10 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Antivirus company Central Command says that a new strain of viruses written in the popular scripting language PHP could be on the way, although other antivirus experts believe the danger is limited.

Central Command last week found a "proof of concept" virus dubbed PHP.NewWorld, written in the Hypertext Preprocessor (PHP) scripting language -- a popular free server-side scripting language typically used by Web developers to automate the generation of Web pages.

Although NewWorld is not thought to be especially dangerous, Central Command says that it could lead to copycat viruses written in PHP.

In order to activate PHP.NewWorld a user would need to have PHP installed on a Windows machine and have been granted permissions to run PHP scripts. Then NewWorld would be able to infect any writeable files with the extensions .html and .php stored in the directory C:/Windows.

Although NewWorld is therefore limited, Central Command product manager Steve Sundermeier suggests that it could inspire more dangerous types of viruses written in PHP. "It can be modified to have a very destructive payload and marks a new step towards a new virus generation. Because the PHP language is absolutely free, we are anticipating that copycats of this PHP script virus will become prominent and will have much more damaging consequences in the near future." Sundermeier also says it might be possible to use email to point users to a malicious script written in PHP.

However, others say that, while this is an interesting proof of concept, we are unlikely to ever see PHP viruses in the wild.

Eric Chien, chief researcher at Symantec's Antivirus Research Centre (SARC), says that the danger is limited because PHP relies on someone having it installed on his or her computer and scripts are also most likely to be accessible on an internal network.

Graham Cluley, senior technologist at Sophos agrees that PHP viruses such as NewWorld are unlikely to spread very far. He adds that the discovery doesn't indicate a weakness in PHP but rather shows that malicious code can potentially be written in any programming language. "I don't think people should lose any sleep," he says.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?
30 out of 67 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:









Related Jobs

SQL Server BI Consultant - UK Wide - 38k to 50k

You will join client based engagements as a consultant looking after the full lifecycle of consultancy work from proof of concept, presentations, and ...

Systems Engineer with Network Design Experience - Contract role - Beds

As they are creating a new management centre, from proof of concept through to deployment, this candidate will have an appreciation of Business ...

Software Test Engineer, QA To 30k

You will be active in White box script creation for Black box testing to a third party. The main duties of the successful candidate is to be a ...

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Sentry Posts Blog

Mobile Linux Better For Mobile Busines...

Mobile Linux Better For Mobile Business Apps? Author: Eric Everson, MyMobiSafe.com As mobile Linux is carving it’s footprint on the future of mobile application development, the... More

Post a comment

DWP downplays security breach

The Department for Work and Pensions (DWP) has admitted that some of its staff have been forwarding passwords with password protected material. An email that was leaked on the 'Dizzy... More

Post a comment

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Featured Talkback

On the contrary, if vendors were forced to stand behind their products it should increase innovation. It would force more, and better , testing before hitting the sales floor, resulting in fewer updates and less downtime for the consumer. At present the EULA removes responsibility from the vendor, and moves it to the user, which is a step backward. Make the vendor responsibility for their code.

By: ator1940

Read full story:
RSA: Vendor liability may stifle innovation