#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2001
    Posts
    7
    Rep Power
    0
    http://newsbytes.com/news/01/160115.html

    at first i thought it was some kind of joke, but now am not so sure, it's strange how vague they are though

    can anyone shed some light?
  2. #2
  3. No Profile Picture
    Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2000
    Location
    Colchester, England
    Posts
    131
    Rep Power
    15
    If you read the key elements it only affects Windows:

    "When it executes, PHP.NewWorld looks for php, hm, html or htt suffix files in the C:Windows directory. All files found with these extensions will become infected."

    "When a user executes a dot.php file, Central Command says, the virus body will be executed from an external file and will take full control."

    Usually when a warning states that the virus is going take full control or wipe your hard disk, or all files will become infected it is a hoax.

    Also the whole article seems a bit weak on details. The article states that the problem is on the server and makes no mention of propogating through to a client. When running anything on Windows you should be cautious of running any new code of unknown origin.

    http://www.symantec.com have a database of most known viruses and hoaxes, yet they haven't got anything related to php.newworld yet.

    I know I haven't answered the question but hopefully given you some useful info.

    Andy J





  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2001
    Location
    Los Angeles
    Posts
    5
    Rep Power
    0

    Thumbs down


    Well I would not give this any credit whatsoever.

    I also think that technical articles should be written by the technicaly literate.

    I think someone is trying to sell some virus software.

    This article does not point out the fact that php installed as a CGI or helper application to your web server executes under your webservers permission settings. This would rule out access to any directory not directly allowed by your webserver settings docroot.

    Who would have any php, html files in there windows directory anyway?

    I would and could go on and on , but rule of thumb is that a real hack would provide a spoof kit and the related code to verify the claims and results, this is the norm.

    This is a sure Hoax to sell some sub standard virus software to newbies.

    The only way for this to even work would be for a user to download the PHP file to their system and install to the executable script directory, from there it would then have to be called. This is how all of your other scripts work too, so now we also need to have scripts in the windows directory, oops we dont and the web server will not execute scripts outside its control so now what?


    You get the idea.

  6. #4
  7. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2001
    Posts
    1
    Rep Power
    0

    Thumbs down REEEE TARRRR TEDDDDD


    I just checked the websites in question. Here's the scoop

    - Steve Gold, Newsbytes writes (as if it were a real story) an article which is basically a shameless regurgitation of someone else's technically lacking press release. He reports on a company called Command Central, which can be found at AVS.com, that has detected (and already remedied!) a virus so-called PHP.NewWorld. You have to go there and read it for yourself. Its a hoot! He even gets the syntax of the request method mispelled.

    For one thing, .php and .html files are never executed in any case. They may be parsed or interpreted, but never executed - especially on a Windows machine. Who would ever be parsing .php scripts on a Winblows??

    Foolishness. Foolishness.


IMN logo majestic logo threadwatch logo seochat tools logo