php.net is compromised
A few hours ago, it became known that the well-known website for PHP developers - php.net was compromised by malicious content (JavaScript) and delivers malware to users through a set of exploits.
A further update on php.net
')
Barracuda labs
A statement from php.net says that the website got on Google’s “dark list” and was recorded as suspicious by the safe browsing service , after which the administrators began investigating the compromise case.
Malicious software that was installed by users:
VT sample1
VT sample2
VT sample3
VT sample4
VT sample5
We are continuing to work through the php.net malware today. As part of this, the php.net has been compromised: the server which hosted the www.php.net , static.php.net and git.php .net domains, it was suspected based on the JavaScript malware, and the server hosting bugs.php.net . The method by which these servers were compromised is unknown at this time.
A further update on php.net
')
One of our research tools flagged php.net as distributing malware. It appears that it has been the site of the javascript.
Barracuda labs
A statement from php.net says that the website got on Google’s “dark list” and was recorded as suspicious by the safe browsing service , after which the administrators began investigating the compromise case.
Malicious software that was installed by users:
VT sample1
VT sample2
VT sample3
VT sample4
VT sample5
Source: https://habr.com/ru/post/199000/
All Articles