The Hacker News

 

 

The Hacker News

The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers // via fulltextrssfeed.com

Google detected Malware on PHP.net website; Flagged as 'Suspicious' site
10/24/2013 1:30:00 PM

If you're trying to get to the php.net website, the official website of the PHP scripting language, you'll likely see the above shown result, instead of the site loading.

Chrome and Firefox is currently flagging the site as "suspicious" and contains malware that can harm your computer. PHP is one of the very popular web development languages, and one of the most frequently used resource of PHP developers. Millions of websites all over the world, including CrazyEngineers.com are powered by PHP.

Google's Webmaster Tools flag the inclusion of the script at http://static.php.net/www.php.net/userprefs.js as suspicious, and Google's Safe Browsing diagnostics for php.net do suggest that malware has been present on the site in the last 90 days:

"Of the 1513 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent."

"Malicious software includes 4 trojan(s). Malicious software is hosted on 4 domain(s), including cobbcountybankruptcylawyer.com/, stephaniemari.com/, northgadui.com/ . 3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including stephaniemari.com/,northgadui.com/, satnavreviewed.co.uk/ ." 

The obfuscated JavaScript "

This suggests that the website may have been compromised recently. Well, Google's Safe Browsing team will be looking into the issue and we will update this article if we hear anything from Google or PHP site owner.

Mohit Kumar - Founder and Editor-in-Chief of 'The Hacker News'. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker. (Google+ Profile)

Popular Stories

 

New Android Banking Trojan targeting Korean users
10/24/2013 5:45:00 PM

A very profitable line for mobile malware developers is Android Banking Trojans, which infect phones and steal passwords and other data when victims log onto their online bank accounts.

One recent trend is Android malware that attacks users in specific countries, such as European Countries, Brazil and India. 

The Antivirus software maker Malwarebytes noticed that a new threat distributed via file sharing sites and alternative markets in the last few months, targets Korean users.

Dubbed as 'Android/Trojan.Bank.Wroba', malware disguises itself as the Google Play Store app and run as a service in the background to monitor events. 

"This enables it to capture incoming SMS, monitor installed apps and communicate with a remote server."

According to the researcher, after installation - malware lookup for existence of targeted Banking applications on the device, remove them and download a malicious version to replace.

"The malicious version will contain the exact Package Name and look very similar to the legitimate app, but contains malicious code with no banking functionality."

The attackers aim to obtain login credentials giving them access to the victim's bank account and that second installed fake Banking application will capture the banking information and other useful data to generate revenue for them.

Android wouldn't be the only mobile operating system at risk from such automated exploits. Recently launched Firefox Mobile OS also have its first mobile Malware surfaced a few days back.

Best Security Practice, always download applications from reputable markets only i.e. Google Play Store.

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions