Re: [LUG] PHP Worm traffic?

 

On Tue, 17 Dec 2013, Simon Waters wrote:
I think this worm has scope to become a major issue still

It is still on an accelerating growth curve from my logs, it doesn't look especially aggressive in its attempts to spread, but it has been going for three weeks and I hadn't even heard it mentioned in the numerous security places I follow.

There isn't as much focus on compromised (web) hosts as there is on compromised desktops and mobile devices (and nuclear plants). But I've seen a few talks on the subject - and know people are talking to hosting providers on the issue.

As for the payload, if it opens a backdoor, it means the machine can be used for sending spam, performing DDoS attacks, proxying malicious traffic and anything else that one can use compromised XP devices for. Except web hosts are more suited for most of these purposes. Some say that as much as 50% of all spam is sent from compromised web hosts. Such spam is also (slightly) harder to block.

Added to that, very few people run any kind of security software on their web hosts - not even something that sends a warning if software needs to be patched.

Martijn.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq