PHP Servers Hacked

Monday, October 28, 2013 @ 05:10 PM gHale


Two of the PHP Group’s servers ended up hacked and set up to serve malware, researchers said.

The hackers compromised the server that hosts php.net, git.php.net, and static.php.net, and the one that hosts bugs.php.net, according to The PHP Group’s own analysis.


Services migrated to new, secure servers. In addition, since the attackers may have accessed the private key for the php.net SSL certificate, the certificate ended up revoked.

PHP users will not feel any effect of the breach, officials said. However, the passwords of individuals committing code to svn.php.net and git.php.net ended up reset. PHP is a server-side scripting language designed for web development but also used as a general-purpose programming language.

PHP developers said their Git repository did not suffer from the hack. Currently, it’s unknown how the hackers managed to break into the PHP servers.

It appears that a piece of JavaScript malware ended up served between October 22 and October 24. However, The PHP Group said only a small percentage of php.net users have felt the impact.

Security researchers from Kaspersky Labs, Trustwave, Panda Security, Avast, and Barracuda Networks analyzed the attack. Kaspersky’s Fabio Assolini identified a malicious iframe pointing to the Magnitude Exploit Kit set up to serve the Tepfer Trojan, a piece of ransomware designed to encrypt files.

Panda’s Bart Blaze has also analyzed some of the payloads served in this attack. In addition to ransomware, he has also identified versions of Fareit, ZeroAccess and ZeuS.


