Google Detected Malware On PHP.net Website, Issue Resolved Now

A few days ago, multiple sources confirmed that the notable website PHP.net was compromised. Google warned users trying to access the site that it contained a malware while Chrome and Firefox also cited similar warnings. The issue has been resolved by now.


PHP.net malware

According to the details of the malware detection provided by Google, “Of the 1513 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent.”

The Safe Browsing diagnostic page of Google further revealed, “Malicious software includes 4 trojan(s). Malicious software is hosted on 4 domain(s), including cobbcountybankruptcylawyer.com/, stephaniemari.com/, northgadui.com/ . 3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including stephaniemari.com/,northgadui.com/, satnavreviewed.co.uk/”

The attackers used a JavaScript ‘userprefs.js’ to target the users. This script essentially inserts a hidden iframe in a web page. When a user visits the page, this iframe automatically downloads content hosted on another site. The downloaded content comprises of a malware, compromising the security of the user’s machines.

The team behind the website was quick to take precautionary measures as soon as the malware was detected. Investigations into the attack revealed that the hackers were able to gain access to two servers.

To mitigate any possibly damage, the team stated that it had took the following measures, “As it’s possible that the attackers may have accessed the private key of the php.net SSL certificate, we have revoked it immediately. We are in the process of getting a new certificate, and expect to restore access to php.net sites that require SSL (including bugs.php.net and wiki.php.net) in the next few hours.”

The issue has been resolved now and the website is no longer being flagged as malware-infected by Google or any other sources. Since PHP.net is a very popular online hub, it is significant to note that the hackers were apparently able to insert malware into its web pages rather easily.

Source: PHP.net

Courtesy: The Hacker News

[ttjad keyword=”android-device”]

Salman

Salman Latif is a software engineer with a specific interest in social media, big data and real-world solutions using the two.Other than that, he is a bit of a gypsy. He also writes in his own blog. You can find him on Google+ and Twitter .

Leave a Reply