Here you can read the latest virus news and website security information.
PHP RST Backdoor
This virus / malware is normally uploaded to websites using XSS exploits or exploits in poor programming. It takes advantage of many of PHP's inbuilt functions and classes to gain control of web server systems. Once control is established the attacker then has the ability to us an uploaded SMF to see virtually any and all of the files located on the server. In some cases the SMF also includes advanced functions such as read, copy, delete and send of any files or data on the server.
Read More About 'PHP RST Backdoor'
ASProx Trojan
The AspRox Trojan first appeared in the form of a phishing Trojan, but a recent update pushed to infected computers revealed an entirely new make up for this online Malbot. Once installed on an infected computer the Trojan starts sending AScII encoded http Get requests to vulnerable websites written in asp, via a backdoor on the users machine. These malicious requests contain a hex encoded T-SQL script, the script attempts to connect to the websites database, where it creates a table cursor to browse through the table columns. It retrieves all info from specific VARCHAR fields in all tables found, it then assigns its own value to the current values (in this case a javascript file) and performs an update on the database.
Read More About 'Asprox'
W32/Sdbot-DNZ
W32/Sdbot-DNZ is a worm that is spread by IRC Programs such as MSN Messenger. It runs in the background, providing a backdoor server which allows an intruder to gain access to control the computer via IRC channels. When W32/Sdbot-DNZ is first run it copies itself to \VMwareService.exe. The file named VMwareService.exe is created as a new system driver service called "VMwareService", with the display name "VMwareService" and is set to startup automaticaly.
Read More About 'W32/Sdbot-DNZ'
