Skip to content ↓ | Skip to navigation ↓

Several web pages belonging to PHP.net were found to be serving up malware that automatically downloads and installs on victim’s systems according to Google’s Safe Browsing technology, which has temporarily blocked access to the site.

“Of the 1513 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-10-23, and the last time suspicious content was found on this site was on 2013-10-23,” Google stated in an advisory.

PHP is an open source development language used a large number of websites such as those utilizing the popular WordPress and Joomla platforms. Below is an example of the warning issued by Google:

pic

Google did not specify the nature of the malware employed in the drive-by attacks, but did say they included four Trojans hosted on four domains, including cobbcountybankruptcylawyer.com, stephaniemari.com, and northgadui.com.

Google also warned that three domains “appeared to be functioning as intermediaries for distributing malware to visitors of this site, including stephaniemari.com, northgadui.com, satnavreviewed.co.uk.”

Read More Here…