PHP. Alf is the latest virus infected with PHP and web files

Messages from ESET, new viruses and variants specially infected with PHP and Html files, were recently discovered. I hope you will pay attention to PHPer and upgrade your anti-virus software in time.

 

Name: PHP. Alf

Virus Type: Worm

Infected: 846 bytes

Hazard level: Medium

Propagation Speed: Medium

Technical Features:

This is a very simple Virus File suffixed with .php;.htm and html. After the virus runs, change the name to Script. php. To complete this function, perform the following steps:

1. Change your name to Dir. php;

2. Create C: \ Php (if this directory does not exist on the local machine );

3. Move yourself to the C: \ Php Directory and name it Dir. php;

4. Move back to the directory where you just started, and change the file name to Script. php.

Then, search for files with the following suffixes in the virus running directory:

1.. php

22.16.htm

32.16.html

It will open each found file and search for the string "Alf. php" in it. If this string is not found, the file will be infected. However, it simply adds a reference tag to the end of the file so that the virus can run every time the infected file is opened.

It seems that the virus is used to search for and find the "Alf. php" text string as the infection mark, so that a file will only be infected once. However, because the infection process only adds a reference tag to the end of the file, and does not really copy the virus code to the file, the file can still be infected multiple times.