Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

PHP.net maintainers to reset user passwords, change SSL certificate

Lucian Constantin | Oct. 28, 2013
The PHP Group will reset the passwords for accounts on php.net, the official website of the PHP programming language, and will change the site's SSL certificate after attackers compromised two servers and injected malicious code into the website.

Kaspersky Lab senior security researcher Fabio Assolini said on Twitter that if successful, the exploits installed a Trojan program called Tepfer.

The Tepfer malware is designed to steal log-in credentials and configuration information from FTP client software, according to an August analysis by researchers from Fortinet.

Many users who visit the php.net website are Web developers and they are likely to store FTP log-in credentials on their computers for the websites they maintain. Users who believe they might have been compromised as a result of this attack should probably change the log-in credentials stored in their FTP clients.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.