Re: [PHP] cyberweaponry
On Jun 3, 2012 12:05 PM, "Tedd Sperling" wrote: > > On May 31, 2012, at 7:45 PM, Ross McKay wrote: > > >> He said that this was unusual because typically such viruses are > >> written in languages like Ruby-on-Rails and such. > > > > Um, really? I very much doubt that. AFAIK, most true viruses are written > > in a compiled language, and many trojans as well. RoR websites would > > definitely be a vulnerability target though... > > Yeah, that's what I thought, but this guy was held out to be one of the foremost experts on cyber-warfare. So, I listened and asked. Actually, that's not true anymore. Flame was indeed written in Lua (and you can find the source if you look), and while that choice of language is a bit surprising, since it's a gaming language, the choice of distributing a script-based virus/worm is not unique. Remember, WSH viruses and worms, though not as prevalent today, were some of the most widespread and destructive forms of malware in history --- a la Loveletter/Lovebug/ILOVEYOU.
Re: [PHP] cyberweaponry
On May 31, 2012, at 7:45 PM, Ross McKay wrote: > On Thu, 31 May 2012 13:21:07 -0400, Tedd Sperling wrote: > >> [...] >> I watched a interview today where an security expert claimed that >> the Flame Virus was written in a scripted language named lua >> (http://www.lua.org/). > > That's surprising... I'm intrigued, can you supply a link? No, there was no link. If I remember correctly, it was an interview done on Fox News. >> He said that this was unusual because typically such viruses are >> written in languages like Ruby-on-Rails and such. > > Um, really? I very much doubt that. AFAIK, most true viruses are written > in a compiled language, and many trojans as well. RoR websites would > definitely be a vulnerability target though... Yeah, that's what I thought, but this guy was held out to be one of the foremost experts on cyber-warfare. So, I listened and asked. Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] cyberweaponry
On Thu, May 31, 2012 at 12:21 PM, Tedd Sperling wrote: > I watched a interview today where an security expert claimed that the Flame > Virus was written in a scripted language named lua (http://www.lua.org/). Is the interview online someplace? (Youtube?) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] cyberweaponry
> -Original Message- > From: paras...@gmail.com [mailto:paras...@gmail.com] On Behalf Of > Daniel Brown > Sent: Thursday, May 31, 2012 1:52 PM > To: Tedd Sperling > Cc: php-general General > Subject: Re: [PHP] cyberweaponry > > On Thu, May 31, 2012 at 1:21 PM, Tedd Sperling wrote: > > > > So, my question to the group -- has PHP produced any viruses? If not, could > it? If so, can anyone elaborate on the details? > > To my own memory, viruses by definition, no. However, with that said, > there's tons of PHP malware, including self-replicating worms that target > certain vulnerabilities (such as known exploits in versions of WordPress). In > fact, one of the most common PHP-scripted attacks on the web is against an > individual script, which has been packaged in with many other PHP > applications - including WordPress - over the years. The script, known as > TimThumb, has an extremely well-known vulnerability in past versions, which > are still in widespread use today. > Just to be clear, WordPress core never included TimThumb. It was included in some Premium themes and various plugins (still is in some plugins). A lot of the vulnerabilities found in TimThumb have been patched however, the main issue with it has been the loading of files from external websites and then caching them on the server where the instance of WP resides. Just wanted to make sure we don't create a panic. [>] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] cyberweaponry
On Thu, May 31, 2012 at 1:21 PM, Tedd Sperling wrote: > > So, my question to the group -- has PHP produced any viruses? If not, could > it? If so, can anyone elaborate on the details? To my own memory, viruses by definition, no. However, with that said, there's tons of PHP malware, including self-replicating worms that target certain vulnerabilities (such as known exploits in versions of WordPress). In fact, one of the most common PHP-scripted attacks on the web is against an individual script, which has been packaged in with many other PHP applications - including WordPress - over the years. The script, known as TimThumb, has an extremely well-known vulnerability in past versions, which are still in widespread use today. The thing is, a PHP virus would be simple to write, so there likely are a few out there. However, because a virus needs direct interaction to spread it, it would be less effective than something that is "set and forget" like a worm. Conversely, there are worms written in PHP that then inject JavaScript into PHP/HTML files and, usually using an iframe, attempt to force a malicious file to be downloaded by the user, who may or may not believe the interaction to be legitimate. Still, since PHP isn't a client-side application, and - aside from a precompiled binary to match the target operating system - requires the PHP parser to be present and configured, as well as execution of the script to be initiated by the user or a predictable automated process, it's unlikely that a PHP virus (again, by definition) would see enough success to make it worthwhile to the author. -- Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] cyberweaponry
> -Original Message- > From: Tedd Sperling [mailto:t...@sperling.com] > Sent: Thursday, May 31, 2012 1:21 PM > To: php-general General > Subject: [PHP] cyberweaponry > > Hi gang: > > This is a little early for Friday's "Open Comment" day, but my memory is > increasingly more short term and by tomorrow I might forget -- so, here > goes. > > I watched a interview today where an security expert claimed that the Flame > Virus was written in a scripted language named lua (http://www.lua.org/). > > He said that this was unusual because typically such viruses are written in > languages like Ruby-on-Rails and such. > > So, my question to the group -- has PHP produced any viruses? If not, could > it? If so, can anyone elaborate on the details? > Malware, Trojans and virii OH MY!!! But seriously, I think we may need to establish a parameter here to avoid mixing of virii with other types of non-viral malware. [>] Computer virus - a self-replicating program that can transmit itself from computer to computer. Other non-viral Malware - spyware, Trojans basically and program written with malicious intent that does not self-replicate. Or are we talking about malware in general? Marc Hall I'm broke so can I borrow 2 cents from Tedd? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] cyberweaponry
There was the Never Ever No Sanity worm ( http://news.cnet.com/Net-worm-using-Google-to-spread/2100-7349_3-5499725.html ). One variant of it was written in php the other in perl. - Joseph Moniz On Thu, May 31, 2012 at 10:21 AM, Tedd Sperling wrote: > Hi gang: > > This is a little early for Friday's "Open Comment" day, but my memory is > increasingly more short term and by tomorrow I might forget -- so, here goes. > > I watched a interview today where an security expert claimed that the Flame > Virus was written in a scripted language named lua (http://www.lua.org/). > > He said that this was unusual because typically such viruses are written in > languages like Ruby-on-Rails and such. > > So, my question to the group -- has PHP produced any viruses? If not, could > it? If so, can anyone elaborate on the details? > > Cheers, > > tedd > > > _ > tedd.sperl...@gmail.com > http://sperling.com > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] cyberweaponry
Hi gang: This is a little early for Friday's "Open Comment" day, but my memory is increasingly more short term and by tomorrow I might forget -- so, here goes. I watched a interview today where an security expert claimed that the Flame Virus was written in a scripted language named lua (http://www.lua.org/). He said that this was unusual because typically such viruses are written in languages like Ruby-on-Rails and such. So, my question to the group -- has PHP produced any viruses? If not, could it? If so, can anyone elaborate on the details? Cheers, tedd _ tedd.sperl...@gmail.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php