Friday 25 October 2013

Hackers found using Java malware on php.net coding site after Google warning

Online Piracy
Hackers have been found exploiting a flaw in Java to serve malware to unsuspecting web users on the open source server coding site php.net.
The issue came to light after visitors to the site started receiving notifications from Google's safe browsing service that malware was on the site. This alerted the php.net team who investigated the cause of the warnings.
They discovered that every so often a file within the servers used for the website was modified to serve malware to a user, before it reverted back to its original form. This made it especially hard to discover the issue, and it was only found thanks to Google's scanning system.
Work is now beginning to try and discover how the hackers managed to infect the systems used to run the website.
"We are continuing to work through the repercussions of the php.net malware issue. As part of this, the php.net systems team has audited every server operated by php.net, and have found that two servers were compromised," it said in a post on the website.
"The server which hosted the www.php.net, static.php.net and git.php.net domains, and was previously suspected based on the JavaScript malware, and the server hosting bugs.php.net. The method by which these servers were compromised is unknown at this time."
Users of the site will also be asked to reset their passwords although the firm said this is only a precautionary measure for those with projects hosted within the services affected.
The website said it is also acquiring a new SSL certificate in case the attackers had acquired private keys for the site's security systems.
"We are in the process of getting a new certificate, and expect to restore access to php.net sites that require SSL (including bugs.php.net and wiki.php.net) in the next few hours," it said.
The use of Java for the attack is not surprising as the software has been blamed for numerous incidents throughout 2013 and was recently the subject of a huge patch update from Oracle.

No comments:

Post a Comment